Tags: amazon-web-services, amazon-s3, amazon-sns

How to set up permissions for an S3 event to an SNS topic?


I am trying to create an event on an S3 bucket (named testBucket) so that every time a new object is created, a message is sent to SNS.

I've done some research and added:

"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:testBucket"}

to the target topic's policy.

But when I try to create the event, it still shows: "Permissions on the destination topic do not allow S3 to publish notifications from this bucket."

Any ideas?


Solution

  • Problem solved. Before, I was adding the condition block inside the default statement:

        "ArnLike": {
            "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
        }

    Turns out I have to create a new statement with the publish action in it:

        {
          "Sid": "publish-from-s3",
          "Effect": "Allow",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Action": "SNS:Publish",
          "Resource": "arn:aws:sns:ap-southeast-2:XXXXXXXXXXXXXX:testTopicforS3",
          "Condition": {
            "ArnLike": {
              "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
            }
          }
        }
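The following is an added example, not code from the question or the answer above. It builds the separate "publish-from-s3" statement the answer describes, merges it into an existing topic policy without touching the statements already there (the mistake in the question was editing the default statement instead), and runs a small, deliberately simplified policy check that models only what S3 publishing needs: the S3 service principal, SNS:Publish, the topic as resource, and the ArnLike / StringEquals conditions. The account ID, topic ARN and the pre-existing "account-admin" statement are constructed placeholders. One addition beyond the answer's statement is an aws:SourceAccount condition, which AWS documents alongside aws:SourceArn for S3 notifications; it pins the bucket to your account so a same-named bucket elsewhere cannot be used to publish to your topic.

```python
"""Build, merge and check the SNS topic policy statement that lets S3 publish
bucket event notifications. Added example; ARNs, account ID and the existing
policy are constructed placeholders, not values from the original post."""
import json
from fnmatch import fnmatchcase

S3_PUBLISH_SID = "publish-from-s3"


def bucket_arn(bucket_name):
    """S3 bucket ARNs carry no region or account: arn:aws:s3:::<name>."""
    return f"arn:aws:s3:::{bucket_name}"


def s3_publish_statement(topic_arn, bucket_name, account_id):
    """Separate Allow statement for the S3 service principal, scoped to one
    bucket (aws:SourceArn) in one account (aws:SourceAccount, added here)."""
    return {
        "Sid": S3_PUBLISH_SID,
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": topic_arn,
        "Condition": {
            "ArnLike": {"aws:SourceArn": bucket_arn(bucket_name)},
            "StringEquals": {"aws:SourceAccount": account_id},
        },
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def add_statement(policy_json, statement):
    """Return the policy with `statement` appended as its own statement.
    An existing statement with the same Sid is replaced (idempotent);
    every other statement, including the default one, is left as it was."""
    policy = json.loads(policy_json)
    kept = [s for s in _as_list(policy.get("Statement", []))
            if s.get("Sid") != statement["Sid"]]
    policy["Statement"] = kept + [statement]
    return json.dumps(policy, indent=2)


def arn_like(pattern, value):
    """ArnLike: each of the six colon-separated ARN fields is matched with
    * and ? wildcards, so 'arn:aws:s3:*:*:b' matches 'arn:aws:s3:::b'."""
    p, v = pattern.split(":", 5), value.split(":", 5)
    return len(p) == len(v) == 6 and all(fnmatchcase(x, y) for x, y in zip(v, p))


_OPERATORS = {
    "ArnLike": arn_like,
    "ArnEquals": lambda pat, val: pat == val,
    "StringEquals": lambda pat, val: pat == val,
    "StringLike": lambda pat, val: fnmatchcase(val, pat),
}


def _conditions_hold(condition, context):
    """Every operator/key block must hold. A key absent from the request
    context never matches (plain operators, no ...IfExists variants)."""
    for operator, keys in condition.items():
        match = _OPERATORS.get(operator)
        if match is None:
            return False  # unsupported operator: fail closed
        for key, expected in keys.items():
            actual = context.get(key.lower())  # condition keys are case-insensitive
            if actual is None or not any(match(e, actual) for e in _as_list(expected)):
                return False
    return True


def s3_can_publish(policy_json, topic_arn, bucket_name, account_id):
    """Simplified evaluation of one request: the S3 service principal calling
    SNS:Publish on `topic_arn` for an event from `bucket_name`. Deny wins."""
    context = {"aws:sourcearn": bucket_arn(bucket_name),
               "aws:sourceaccount": account_id}
    allowed = False
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        is_s3 = principal == "*" or "s3.amazonaws.com" in services
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        action_ok = any(fnmatchcase("sns:publish", a) for a in actions)
        resource_ok = any(r == "*" or arn_like(r, topic_arn)
                          for r in _as_list(st.get("Resource", [])))
        if not (is_s3 and action_ok and resource_ok):
            continue
        if not _conditions_hold(st.get("Condition", {}), context):
            continue
        if st.get("Effect") == "Deny":
            return False
        allowed = allowed or st.get("Effect") == "Allow"
    return allowed


# Constructed placeholders: the topic's pre-existing policy has an unrelated
# statement that must survive the merge unchanged.
ACCOUNT_ID = "123456789012"
TOPIC_ARN = f"arn:aws:sns:ap-southeast-2:{ACCOUNT_ID}:testTopicforS3"
EXISTING_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "account-admin", "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
    "Action": ["SNS:Subscribe", "SNS:Receive", "SNS:GetTopicAttributes"],
    "Resource": TOPIC_ARN}]})


def fixed_policy(bucket_name="testBucket"):
    """The existing policy with the S3 publish statement added beside it."""
    return add_statement(EXISTING_POLICY,
                         s3_publish_statement(TOPIC_ARN, bucket_name, ACCOUNT_ID))


if __name__ == "__main__":
    print(fixed_policy())
    print("S3 may publish from testBucket:",
          s3_can_publish(fixed_policy(), TOPIC_ARN, "testBucket", ACCOUNT_ID))
```

The check is intentionally narrow: it is a sanity test for this one grant, not a general IAM evaluator (no NotPrincipal/NotAction, no IfExists operators, no identity-policy interaction). To apply the result, pass the string returned by `fixed_policy()` as the `Policy` attribute of the topic (for example with `sns:SetTopicAttributes`), then create the bucket notification.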