"The provided number does not exist or does not belong to the account." error when trying to send messages via SNS or Pinpoint even though the required origination identity is acquired in the account.


I want to resolve the “The provided number does not exist or does not belong to the account.” error when I send an SMS message using AWS SNS or Pinpoint from my account.

Short Description

This error occurs when you send SMS messages through Amazon Simple Notification Service (Amazon SNS) or Amazon Pinpoint without having granted that service permission to use the origination identity in your account. Because you acquire origination identities from the End User Messaging service, you must explicitly grant other services permission to use them.

Resolution

After you have acquired an origination identity supported by the destination country in your account and Region, as documented here, verify that the origination identity's resource policy allows it to be used by the SNS and/or Pinpoint service.

  1. Navigate to the "End User Messaging" console in your AWS account and the relevant AWS Region.
  2. If you are using an origination phone number (long code, TFN, 10DLC number, short code, or simulator number) to send SMS messages, click the "Phone numbers" section in the left-hand list and select your intended origination number. Then navigate to the "Resource policy" tab and add the permissions below to allow the SNS and Pinpoint services to use the phone number when sending SMS from your account.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "pinpoint.amazonaws.com"
      },
      "Action": [
        "sms-voice:SendTextMessage",
        "sms-voice:SendVoiceMessage"
      ],
      "Resource": "arn:aws:sms-voice:Region:Account:phone-number/Phone-id",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "Account"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sms-voice:SendTextMessage",
      "Resource": "arn:aws:sms-voice:Region:Account:phone-number/Phone-id",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "Account"
        }
      }
    }
  ]
}

In the above policy, first make the following changes, then paste the JSON into the Resource policy tab and save your changes.

  • Replace Region with the AWS Region the phone number is in.
  • Replace Account with the account number that owns the phone number.
  • Replace Phone-id with the identifier of the phone number.
  3. If you are using an origination sender ID to send SMS messages, click the "Sender IDs" section in the left-hand list and select your intended origination sender ID. Then navigate to the "Resource policy" tab and add the permissions below to allow the SNS and Pinpoint services to use the sender ID when sending SMS from your account.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "pinpoint.amazonaws.com"
      },
      "Action": [
        "sms-voice:SendTextMessage",
        "sms-voice:SendVoiceMessage"
      ],
      "Resource": "arn:aws:sms-voice:Region:Account:sender-id/SenderID/ISO",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "Account"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sms-voice:SendTextMessage",
      "Resource": "arn:aws:sms-voice:Region:Account:sender-id/SenderID/ISO",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "Account"
        }
      }
    }
  ]
}

In the above policy, first make the following changes, then paste the JSON into the Resource policy tab and save your changes.

  • Replace Region with the AWS Region the sender ID is in.
  • Replace Account with the AWS account number that owns the sender ID.
  • Replace SenderID with the identifier of the sender ID.
  • Replace ISO with the two-letter ISO-3166 alpha-2 code for the country of the sender ID.

Note:

  1. If you only intend to use SNS and not Pinpoint (or vice versa) to send SMS messages, you can further modify the above resource policy by only including the permission statements for the intended service, thereby following the AWS best practice of granting least-privilege permissions.

  2. Examples of the "Resource" element for a phone number and for a sender ID are shown below.

Phone Number Resource: "arn:aws:sms-voice:ap-southeast-2:123456789012:phone-number/phone-8dc0a7c42e98bf7d4528ef78932ab780", where "ap-southeast-2" is the Region where the phone number exists in the account, "123456789012" is the account ID, and "phone-8dc0a7c42e98bf7d4528ef78932ab780" is the origination phone number identifier, which can be found in the End User Messaging console.

Sender ID Resource: "arn:aws:sms-voice:ap-southeast-2:123456789012:sender-id/TEST/SE", where "ap-southeast-2" is the Region where the sender ID exists in the account, "123456789012" is the account ID, "TEST" is the acquired sender ID, and "SE" is the ISO country code for which the sender ID was acquired.

  3. If you want to share the origination identities in one account so that another account can use them, refer to the documentation here.

  4. If you still encounter errors when sending SMS messages after updating the resource policy for the origination identity, contact the AWS Support team through a support case.
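The following is an added example, not part of the original article or AWS code: it builds the resource policy from the steps above for only the services you name (Note 1) and audits an existing policy for a mismatched Resource, an unexpected principal, or a missing aws:SourceAccount condition. The function names and the ARN regular expression are assumptions derived from the two example ARNs on this page.

```python
import json
import re

# Assumed ARN shapes, taken from the two examples on this page.
ARN_RE = re.compile(
    r"^arn:aws:sms-voice:[a-z0-9-]+:(?P<account>\d{12}):"
    r"(?:phone-number/[A-Za-z0-9-]+|sender-id/[A-Za-z0-9_-]+/[A-Z]{2})$")

# Actions each service principal receives in the policies above.
SERVICE_ACTIONS = {
    "sns.amazonaws.com": ["sms-voice:SendTextMessage"],
    "pinpoint.amazonaws.com": ["sms-voice:SendTextMessage",
                               "sms-voice:SendVoiceMessage"],
}

def build_policy(arn, services):
    """Resource policy that lets only the listed services use this identity."""
    m = ARN_RE.match(arn)
    if not m:  # also rejects unreplaced Region/Account/Phone-id placeholders
        raise ValueError(f"not a usable origination identity ARN: {arn}")
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": svc},
        "Action": SERVICE_ACTIONS[svc],
        "Resource": arn,
        "Condition": {"StringEquals": {"aws:SourceAccount": m["account"]}},
    } for svc in services]}

def audit_policy(policy, arn):
    """Return findings for a policy attached to the identity `arn`."""
    m = ARN_RE.match(arn)
    if not m:
        return [f"not a usable origination identity ARN: {arn}"]
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        principal = st.get("Principal")
        svc = principal.get("Service") if isinstance(principal, dict) else principal
        if not isinstance(svc, str) or svc not in SERVICE_ACTIONS:
            findings.append(f"statement {i}: unexpected principal {svc!r}")
        if st.get("Resource") != arn:
            findings.append(f"statement {i}: Resource is not {arn}")
        source = st.get("Condition", {}).get("StringEquals", {}).get("aws:SourceAccount")
        if source != m["account"]:
            findings.append(f"statement {i}: aws:SourceAccount is not {m['account']}")
    return findings

if __name__ == "__main__":
    arn = "arn:aws:sms-voice:ap-southeast-2:123456789012:sender-id/TEST/SE"
    policy = build_policy(arn, ["sns.amazonaws.com"])  # SNS only, per Note 1
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, arn) or "no findings")
```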
