AWS Cross Account SNS Publish


We have two accounts 111111111111 and 222222222222.

Requirement – Account 111111111111 will create a snapshot of a RDS on a daily basis. Once the snapshot is taken, we want account 111111111111 to publish to the SNS topic created in account 222222222222. Once Account 222222222222 receives the notification it runs a Lambda function.

I have attached the following policy to the topic created in account 222222222222

I am receiving the following error when account 111111111111 is trying to publish to 222222222222

*”message”: “AuthorizationError: User: arn:aws:sts::************assumed-role/tf-rds_eventhandler/tf-rds_eventhandler is not authorized to perform: SNS:Publish on resource: arn:aws:sns:us-east-1:xxxxxxxxxxxx:RestoreRDSEng\n\tstatus code: 403, request id: 098f4647-c9ad-51fe-9bc3-17b45deef60e”*


  1. Is there anything wrong in this approach?
  2. Should I create a role in account 222222222222 with trusted access to 111111111111?
  3. Any other suggestions would be appreciated.


The Principal needs to be the service or role in account 11111… that you want to take the action of publishing to the SNS topic. For example:

Leave a Reply