Configure AWS SNS IAM access policy to support Vero's mobile push notifications

Setting up the AWS IAM policy for SNS

When integrating mobile push notifications in Vero using Amazon AWS SNS as your messaging backend, we recommend the following configuration.

Configuring a user

We recommend adding a new user to your AWS IAM account specifically for use with Vero. This lets you limit Vero's access to the appropriate AWS SNS platforms, and nothing else.

To set up an AWS user, follow this guide. As part of setup you will be asked to assign a policy to the new user. We recommend creating a new policy in line with the section below.

Configuring the policy settings for Vero

We typically recommend creating a new security policy to attach to the IAM user that you will use to integrate Vero. For example, you might call this policy aws-sns-mobile-push-vero.

Below is an example of a policy describing the minimum access required for Vero to work successfully with AWS. This access includes:

  • Fetching the platform endpoints you've configured in AWS for iOS and Android
  • Adding tokens to user profiles in Vero
  • Sending messages via the resulting AWS ARNs

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublishingMessages",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": [
                "arn:aws:sns:us-east-1:SITE_ID:app/GCM/YOUR_END_POINT_NAME",
                "arn:aws:sns:us-east-1:SITE_ID:app/APNS_SANDBOX/YOUR_END_POINT_NAME"
            ]
        },
        {
            "Sid": "AllowListingServicesAndAddingTokens",
            "Effect": "Allow",
            "Action": [
                "sns:DeleteEndpoint",
                "sns:CreatePlatformEndpoint",
                "sns:GetEndpointAttributes",
                "sns:ListPlatformApplications"
            ],
            "Resource": "*"
        }
    ]
}
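
As an added example (not part of Vero's documentation or code), the Python check below compares a policy document against the minimum action set shown in the policy above and reports anything broader before you attach it to the Vero user. The function and constant names are hypothetical, and the over-broad policy is constructed for contrast.

```python
import json

# Minimum action set taken from the example policy on this page (IAM action names are case-insensitive).
EXPECTED_ACTIONS = {"sns:publish", "sns:deleteendpoint", "sns:createplatformendpoint",
                    "sns:getendpointattributes", "sns:listplatformapplications"}

# The page's example policy, placeholders kept exactly as on the page.
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowPublishingMessages", "Effect": "Allow", "Action": "sns:Publish",
     "Resource": ["arn:aws:sns:us-east-1:SITE_ID:app/GCM/YOUR_END_POINT_NAME",
                  "arn:aws:sns:us-east-1:SITE_ID:app/APNS_SANDBOX/YOUR_END_POINT_NAME"]},
    {"Sid": "AllowListingServicesAndAddingTokens", "Effect": "Allow",
     "Action": ["sns:DeleteEndpoint", "sns:CreatePlatformEndpoint",
                "sns:GetEndpointAttributes", "sns:ListPlatformApplications"],
     "Resource": "*"}]})
# Constructed over-broad variant, for contrast only.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "TooBroad", "Effect": "Allow", "Action": ["sns:*", "sns:DeleteTopic"], "Resource": "*"},
    {"Sid": "PublishAnywhere", "Effect": "Allow", "Action": "sns:Publish", "Resource": "*"}]})

def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json):
    """Return findings where the policy grants more than the documented minimum."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything except what is listed")
        for action in as_list(stmt.get("Action")):
            name = action.lower()
            if "*" in name or "?" in name:
                findings.append(f"{sid}: wildcard action {action}")
            elif name not in EXPECTED_ACTIONS:
                findings.append(f"{sid}: unexpected action {action}")
            elif name == "sns:publish":
                for res in as_list(stmt.get("Resource")):
                    if "*" in res or not res.startswith("arn:aws:sns:"):
                        findings.append(f"{sid}: sns:Publish not pinned to a specific SNS ARN ({res})")
    return findings

if __name__ == "__main__":
    for label, doc in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(label, audit_policy(doc) or "OK")
```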

If you have any questions regarding AWS IAM permissions, please let us know via our support email.

Author

  • Rory Colsell
    Head of Design