Macklus.Net

Macklus.Net


For fun and profit

Categories


Create IAM’s user for SNS notification sending

macklusmacklus

También puedes leer este apunte en castellano pulsando aquí.

One of the recommended ways to perform sending notifications with SNS , is to create a user of IAM (the AWS Identity Management System).

Thus, we will have a user with their access codes, configured only to be able to send notifications, which offers us greater security.

Only requirement for the creation of this user is to have already created our SNS topic and to point its RNA. If you have not created it yet, you can follow the entry “ Configure SNS to receive notifications

Access to the IAM console

First step is always to access the AWS console .

Once inside, in the search bar we will look for “IAM” to be able to access the identity console.

Creating an IAM policy

Creating an IAM user to send with SNS, step 1

Once we are in the IAM welcome screen, we will start creating a new Policy, clicking on the “Policies” link in the menu on the left.

Since our user has to have an applied policy that gives him permission, we will start creating this policy, so that the creation process is easier to see.

Within the default policies of IAM we can find already defined policies for most of the services, although we will define our own to restrict access to the user as much as possible.

Once in the policy screen, click on the “Create a policy” button

Creating an IAM user to send with SNS, step 2

When accessing the policy creation screen we will have two options:

In our case, we are going to go directly to the JSON tab, since we will introduce the permissions in that way. The code that we must indicate is the following:

{
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Action": "sns: Publish",
             "Resource": "arn: aws: sns: eu-west-1: 1836171893615: myTopic"
         }
     ]
 }  

In the Resource section we must indicate the arn of the topic that we are going to use for the shipments.

By clicking on Review policy, it will be verified that the code we have set is correct, and we will go to the verification screen.

Creating an IAM user to send with SNS, step 3

Last step is to indicate a name for the policy, and a brief description, and clicking on “Create a policy”, we will have our policy created.

Create user on IAM

Creating an IAM user to send with SNS, step 4

On left menu we will see the different options, and we will access the users tab by clicking on the “Users” link.

Inside the user screen we will see the active users (if any), and we can create a new user by clicking on the “Add user (s)” button.

Inside the user creation screen, first we will indicate the name we want it to have, and that we will access it in a programmatic way.

Creating an IAM user to send with SNS, step 5

With basic user data already created, the next step is to add the permissions that you are going to have. As we have already created a policy, we just have to indicate that our user must use it, and for that:

Creating an IAM user to send with SNS, step 6

Once finished, we click on the labels button to go to the labels screen.

Here we can indicate the labels that we want (it is optional), to identify the characteristics of that user.

Creating an IAM user to send with SNS, step 7

Once we finish, we will click on the “Next: review” button to finish.

Last step to create the user is to review the configuration of this and click on the “Create user” button.

If everything went well, we will see a message indicating that we have already created the user, and we can download or see the keys to connect with that user.

Creating an IAM user to send with SNS, step 9

After that, we can use this data to send SNS notifications.

macklus
Author