Publish a message from an SNS in one AWS account to an SQS in a different AWS account

Suppose you have AWS SNS in Account A and you want to publish a message to AWS SQS in Account B. Here's how you can do it.

Account A :

• Create a new standard SNS topic and add the following policy to allow an SQS from another account to subscribe

{
   "Effect":"Allow",
   "Principal":{
      "AWS":"<ID_OF_ACCOUNT_B>"
   },
   "Action":"sns:Subscribe",
   "Resource":"arn:aws:sns:<REGION>:<ID_OF_ACCOUNT_A>:<TOPIC_NAME>"
}

Account B :

1. Create a new IAM user with permission to read message to SQS. Also create access key for IAM user. access key will be used by consumer for reading message from SQS.
2. Create a new KMS and allow IAM user to encrypt and decrypt message by choosing IAM user from 1.
3. Add the following policy to KMS from 2. to allow SNS from account A to be able to send encrypt message to SQS

        {
            "Sid": "Allow use of the key from another account",
            "Effect": "Allow",
            "Principal": {
                "Service": "sns.amazonaws.com",
                "AWS": "arn:aws:iam::{ACCOUNT_OF_SNS}:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        }

1. Create a new SQS with SSE KMS

References :

• https://www.youtube.com/watch?v=Von_VgswnJU