An access policy allows us the ability to control who can post a message to a topic and who can subscribe to a topic. It is based on a similar approach to the S3 resource policy and allows us the ability to maintain fine-grained control over access to the SNS topic:
- To edit the policy, simply select the SNS topic and select Edit topic policy from the Actions menu:
- There are two views, Basic and Advanced; in the Basic view, we can select who we would like to allow to publish to the topic, but are limited to either the topic owner, everyone, or specific AWS IAM users. The same goes for the subscriptions; only a limited set of options is available for subscriptions:
- With the Advanced view, we have the ability to edit the policy in JSON using the SNS Access Policy Language:
- Once we are done editing the policy to our satisfaction, we simply click Update policy and the access policy is updated.
If you would like to learn more about the SNS Access Policy Language, please take a look at the link in the Further reading section of this chapter.