I want to set up IAM policies to allow an user to publish to SNS to send SMS and to publish to a specific SNS arn.
I have found a way to allow SMS publish without allowing any SNS publish : Authorization when sending a text message using AmazonSNSClient
"Version": "2012-10-17",
"Statement": [
"Effect": "Deny",
"Action": [
"Resource": "arn:aws:sns:*:*:*"
"Effect": "Allow",
"Action": [
"Resource": "*"
But this policy is explicitly denying all other SNS publish, so I can't add a policy allowing a specific SNS.
The problem is that SMS publish does not have a specific arn.
So I am looking at conditions to find a way to limit the allow to publish only SMS. But the specific SMS parameters (PhoneNumber cf https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SNS.html#publish-property) cannot be filtered in condition :
"Version": "2012-10-17",
"Statement": [
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "*",
"Condition": {"Null":{"PhoneNumber":"false"}}
Is there a way to accomplish such a policy ?