1 Answer
The aws:PrincipalArn condition is too restrictive as it's trying to match an exact service role ARN. But the aws:PrincipalArn includes the account ID, which can vary if you have multiple accounts. You'd better use aws:SourceArn and set its value to the ARN of the Security Hub service role in the account where the SNS topic resides.
Second, the value of the Resource field should be the ARN of the SNS topic you want to grant access to. The ARN has the following format: arn:aws:sns:region:account-id:topicname.
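
An added example, not part of the answer above: a small Python check that flags the two issues the answer raises in a topic policy, a `Resource` that is not an SNS topic ARN and an `aws:PrincipalArn` condition pinned to one exact ARN. The sample policy, account ID, role name and topic name are constructed placeholders.

```python
import json
import re

# arn:aws:sns:region:account-id:topicname (the format quoted in the answer).
# Only the standard "aws" partition is handled; FIFO topic names end in .fifo.
SNS_TOPIC_ARN = re.compile(r"^arn:aws:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}(\.fifo)?$")

def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def lint_topic_policy(policy_json):
    """Return (statement id, finding) pairs for the two issues raised in the answer."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{index}]")
        for resource in as_list(stmt.get("Resource", [])):
            if not SNS_TOPIC_ARN.match(str(resource)):
                findings.append((sid, f"Resource is not an SNS topic ARN: {resource}"))
        for operator, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():
                # Condition key names are case-insensitive in IAM policies.
                if key.lower() != "aws:principalarn":
                    continue
                for value in as_list(values):
                    if "*" not in str(value) and "?" not in str(value):
                        findings.append((sid, f"{operator} on {key} pins one exact ARN: {value}"))
    return findings

# Constructed sample policy: every ARN and name below is a placeholder.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PinnedRole", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "sns:Publish", "Resource": "*",
     "Condition": {"ArnEquals": {
         "aws:PrincipalArn": "arn:aws:iam::111122223333:role/ExampleServiceRole"}}},
    {"Sid": "TopicScoped", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "sns:Publish",
     "Resource": "arn:aws:sns:us-east-1:111122223333:example-topic"},
]})

if __name__ == "__main__":
    for sid, finding in lint_topic_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```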