> ## Documentation Index > Fetch the complete documentation index at: https://help.getvero.com/llms.txt > Use this file to discover all available pages before exploring further. # AWS SNS IAM access policy > Configure an AWS IAM policy with the minimum permissions required for Vero's Amazon SNS push integration. When configuring an [Amazon SNS push channel](/vero-2/channels/push/how-to-configure-a-push-channel) in Vero, we recommend creating a dedicated IAM user with a minimal access policy rather than using your root AWS credentials. ## Create a dedicated IAM user Create a new user in your AWS IAM account specifically for Vero. This limits Vero's access to only the SNS resources it needs. To create an IAM user, follow the [AWS IAM user creation guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html). During setup you'll be asked to assign a policy — create a new one using the example below. ## Recommended policy Create a new policy (for example, named `vero-sns-push`) and attach it to the IAM user. The policy below grants the minimum permissions Vero requires: * Listing the SNS platform applications (so Vero can populate the provider dropdowns) * Creating and managing platform endpoints (device tokens) * Publishing messages to those endpoints ```json theme={null} { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPublishingMessages", "Effect": "Allow", "Action": "sns:Publish", "Resource": [ "arn:aws:sns:us-east-1:ACCOUNT_ID:app/GCM/YOUR_ENDPOINT_NAME", "arn:aws:sns:us-east-1:ACCOUNT_ID:app/APNS_SANDBOX/YOUR_ENDPOINT_NAME" ] }, { "Sid": "AllowListingServicesAndManagingEndpoints", "Effect": "Allow", "Action": [ "sns:ListPlatformApplications", "sns:CreatePlatformEndpoint", "sns:GetEndpointAttributes", "sns:DeleteEndpoint" ], "Resource": "*" } ] } ``` Replace `ACCOUNT_ID` with your AWS account ID and `YOUR_ENDPOINT_NAME` with the name of your SNS platform application. ## Need Help? If you have any questions, reach out to us at [support@getvero.com](mailto:support@getvero.com).