I need some help with setting up a role policy for SMS in AWS.
Basically I am writing a Lambda function to send SMS, but which number it sends to depends on the date.
For example, I have 2 numbers now:
const myMobile = 333;
const partnerMobile = 444;
I will do some logic in the Lambda to decide under what condition the SMS will be sent to myMobile or partnerMobile.
I know I can create a new IAM user with an access key and secret key, which would work, but since it's AWS Lambda that seems like a bit too much, as roles and permissions can be used for AWS products to access each other without creating extra keys.
I tried using a topic and a subscription, but if using a topic then the policy would look like:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "arn:aws:sns:us-west-2:##73038361###:SMS-Some-topic"
        }
    ]
}
But this wouldn't work, because it'll publish to all numbers under the topic, which means both myMobile and partnerMobile will get the number, but I only want one of them to get it when the logic matches.
I know that doing this below would work:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "*"
        }
    ]
}
But it feels like a bit too much to use a wildcard. So I'm wondering if there are any other options without using a wildcard. If there are no other options then I can stick with the wildcard, but again I wonder if there are alternatives.
Thanks everyone in advance for any suggestions / advice.
2 Answers
You can define multiple resources in a policy without using a wildcard. You just need to add brackets:
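The array form that answer refers to, written out as an added example (the answer's own snippet is not on the page). The first ARN is the topic from the question; the second is a placeholder for another topic in the same account and region. The Resource element accepts a list, so several topics can be named without falling back to "*".

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublishToNamedTopics",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": [
                "arn:aws:sns:us-west-2:##73038361###:SMS-Some-topic",
                "arn:aws:sns:us-west-2:##73038361###:SMS-Another-topic"
            ]
        }
    ]
}
```

This only scopes publishing to topics. Publishing directly to a PhoneNumber does not target a topic ARN, so that call still needs an sns:Publish statement with Resource "*", which is why the wildcard policy in the question works for it.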
If you want to be selective as to which SNS Topic subscriber receives a message, you can use Amazon SNS message filtering (see Amazon SNS message filtering – Amazon Simple Notification Service):
If your AWS Lambda function is sending a message to the SNS Topic, and the two SMS recipients are subscribed to that topic, you can add an SNS filter policy that determines which subscriber will receive the message. This could be done on the content of the message, or your Lambda function could add a message attribute when sending the message to the SNS Topic and this attribute could be used in the filter policy to determine who should receive the message.
If you are always sending to only one recipient, the Lambda function could instead just call publish() with a phone number without needing to reference an SNS Topic. This will send the message to just that recipient without having to use any subscriber filter policies. See: Publishing to a mobile phone – Amazon Simple Notification Service