Alchemy

Appearance

TopicInlinePolicy ​

The TopicInlinePolicy resource lets you manage inline policies for Amazon Simple Notification Service (SNS) topics. Inline policies help you define permissions directly associated with the SNS topic. You can find more information in the AWS SNS TopicInlinePolicys documentation.

Minimal Example ​

Create a basic inline policy for an SNS topic with required properties.

ts
import AWS from "alchemy/aws/control";

const snsTopicPolicy = await AWS.SNS.TopicInlinePolicy("mySnsTopicPolicy", {
  TopicArn: "arn:aws:sns:us-east-1:123456789012:myTopic",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "SNS:Publish",
        Resource: "arn:aws:sns:us-east-1:123456789012:myTopic",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/myRole"
        }
      }
    ]
  },
  adopt: true // Adopt existing resource if it already exists
});

Advanced Configuration ​

Define a more complex policy that includes additional permissions and conditions.

ts
const advancedSnsTopicPolicy = await AWS.SNS.TopicInlinePolicy("advancedSnsTopicPolicy", {
  TopicArn: "arn:aws:sns:us-east-1:123456789012:myAdvancedTopic",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: ["SNS:Publish", "SNS:Subscribe"],
        Resource: "arn:aws:sns:us-east-1:123456789012:myAdvancedTopic",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/myAdvancedRole"
        },
        Condition: {
          "StringEquals": {
            "AWS:SourceArn": "arn:aws:sns:us-east-1:123456789012:myAdvancedTopic"
          }
        }
      }
    ]
  }
});

Policy for Multiple Actions ​

Create a policy that allows multiple actions for different principals.

ts
const multiActionSnsTopicPolicy = await AWS.SNS.TopicInlinePolicy("multiActionSnsTopicPolicy", {
  TopicArn: "arn:aws:sns:us-east-1:123456789012:myMultiActionTopic",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: ["SNS:Publish", "SNS:Subscribe"],
        Resource: "arn:aws:sns:us-east-1:123456789012:myMultiActionTopic",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/myMultiActionRole"
        }
      },
      {
        Effect: "Allow",
        Action: "SNS:DeleteTopic",
        Resource: "arn:aws:sns:us-east-1:123456789012:myMultiActionTopic",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/myAdminRole"
        }
      }
    ]
  }
});

Conditional Policy ​

Define a policy that restricts actions based on specific conditions.

ts
const conditionalSnsTopicPolicy = await AWS.SNS.TopicInlinePolicy("conditionalSnsTopicPolicy", {
  TopicArn: "arn:aws:sns:us-east-1:123456789012:myConditionalTopic",
  PolicyDocument: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "SNS:Publish",
        Resource: "arn:aws:sns:us-east-1:123456789012:myConditionalTopic",
        Principal: {
          AWS: "arn:aws:iam::123456789012:role/myConditionalRole"
        },
        Condition: {
          "IpAddress": {
            "aws:SourceIp": "203.0.113.0/24"
          }
        }
      }
    ]
  }
});