DEV Community

Mac
Mac

Posted on

Publish a message from an SNS in one AWS account to an SQS in a different AWS account

Suppose you have AWS SNS in Account A and you want to publish a message to AWS SQS in Account B. Here's how you can do it.

Account A :

  • Create a new standard SNS topic and add the following policy to allow an SQS from another account to subscribe 
{
   "Effect":"Allow",
   "Principal":{
      "AWS":"<ID_OF_ACCOUNT_B>"
   },
   "Action":"sns:Subscribe",
   "Resource":"arn:aws:sns:<REGION>:<ID_OF_ACCOUNT_A>:<TOPIC_NAME>"
}
Enter fullscreen mode Exit fullscreen mode

Account B :

  1. Create a new IAM user with permission to read message to SQS. Also create access key for IAM user. access key will be used by consumer for reading message from SQS.
  2. Create a new KMS and allow IAM user to encrypt and decrypt message by choosing IAM user from 1. Image description
  3. Add the following policy to KMS from 2. to allow SNS from account A to be able to send encrypt message to SQS 
        {
            "Sid": "Allow use of the key from another account",
            "Effect": "Allow",
            "Principal": {
                "Service": "sns.amazonaws.com",
                "AWS": "arn:aws:iam::{ACCOUNT_OF_SNS}:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        }
Enter fullscreen mode Exit fullscreen mode
  1. Create a new SQS with SSE KMS

References :

Top comments (0)

Read next

godfreymutebi profile image

How to create a comment and reply system in Ruby on Rails

Mutebi Godfrey -

shubhamku044 profile image

Launching Your First AWS EC2 Instance: A Complete Guide for DevOps Beginners

Shubham Sharma -

tmchuynh profile image

Introducing Vanilla Calendar Pro: A Simple, Customizable JavaScript Calendar Library

Tina Huynh -

robertobutti profile image

How to Build a Content-Driven Static Site with Markdown, SvelteKit and Fusionable

Roberto B. -