DEV Community

Mac
Mac

Posted on

Publish a message from an SNS in one AWS account to an SQS in a different AWS account

Suppose you have AWS SNS in Account A and you want to publish a message to AWS SQS in Account B. Here's how you can do it.

Account A :

  • Create a new standard SNS topic and add the following policy to allow an SQS from another account to subscribe 
{
   "Effect":"Allow",
   "Principal":{
      "AWS":"<ID_OF_ACCOUNT_B>"
   },
   "Action":"sns:Subscribe",
   "Resource":"arn:aws:sns:<REGION>:<ID_OF_ACCOUNT_A>:<TOPIC_NAME>"
}
Enter fullscreen mode Exit fullscreen mode

Account B :

  1. Create a new IAM user with permission to read message to SQS. Also create access key for IAM user. access key will be used by consumer for reading message from SQS.
  2. Create a new KMS and allow IAM user to encrypt and decrypt message by choosing IAM user from 1. Image description
  3. Add the following policy to KMS from 2. to allow SNS from account A to be able to send encrypt message to SQS 
        {
            "Sid": "Allow use of the key from another account",
            "Effect": "Allow",
            "Principal": {
                "Service": "sns.amazonaws.com",
                "AWS": "arn:aws:iam::{ACCOUNT_OF_SNS}:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        }
Enter fullscreen mode Exit fullscreen mode
  1. Create a new SQS with SSE KMS

References :

Top comments (0)

Read next

sanskar_4862 profile image

How AI is Revolutionizing Software Development

Sanskar A -

aidudo profile image

Deploying NGINX as an Ingress Controller in Kubernetes: A Comprehensive Step-by-Step Guide with Architectural Diagram

Nicholas Osi -

krinskumar profile image

Releasing my open source project.

Krinskumar Vaghasia -

prathiksha_dcsbs_9a50f2d profile image

Finding shortest path through a maze

PRATHIKSHA D CSBS -