如何在代码中创建AWS SNS主题(iOS Mobile Hub SDK)

我想在代码中动态创建Amazon SNS主题。我正在使用适用于iOS的AWS Mobile Hub sdk。

当我尝试创建一个主题时

…
AWSSNSCreateTopicInput* input = [AWSSNSCreateTopicInput new];
NSString* name = @"topic_name";
[input setName:name];
[[[[AWSSNS defaultSNS] createTopic:input] continueWithSuccessBlock:^id _Nullable(AWSTask<AWSSNSCreateTopicResponse *> * _Nonnull task)
…

我从AWS得到一个错误：

<Message>User: (role/credentials) is not authorized to perform: SNS:CreateTopic on resource: (topic)</Message>

（角色/凭据）表示IAM角色及其Cognito凭据。（主题）是我通过给出主题名称请求的主题的ARN

AWS Mobile Hub为我的Mobile Hub角色创建了以下推送策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:CreatePlatformEndpoint",
                "sns:GetEndpointAttributes",
                "sns:SetEndpointAttributes"
            ],
            "Resource": [
                "(APN role arn)"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:Subscribe",
                "sns:Publish",
                "sns:Unsubscribe"
            ],
            "Resource": [
                "(dynamodb role arn)",
                "(Mobile Hub Role arn)"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:ListTopics"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

我试着添加行

"sns:CreateTopic",

到中间的权限集（刚好在"sns:Subscribe"之上），但这并没有解决错误。从错误消息和阅读AWS文档来看，我似乎必须为我创建的每个主题附加一个策略才能使用它

The following example shows the permissions that are automatically created by AWS Config for a new topic. This policy statement allows AWS Config to publish to a specified Amazon SNS topic.
If you want to use an existing SNS topic from another account or you set up your delivery channel using the API, make sure to attach the following policy to the SNS topic.
{
  "Id": "Policy1415489375392",
  "Statement": [
    {
      "Sid": "AWSConfigSNSPolicy20150201",
      "Action": [
        "SNS:Publish"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sns:region:account-id:myTopic",
      "Principal": {
        "Service": [
          "config.amazonaws.com"
        ]
      }
    }
  ]
}

和

 IAM Role Policy for Amazon SNS Topic
Use this example policy as a model for granting AWS Config permissions to access your SNS topic:
{
  "Version": "2012-10-17",
  "Statement": 
   [
     {
      "Effect":"Allow",
      "Action":"sns:Publish",
      "Resource":"yourSNStopicARN"
     }
    ]
}

这就是我所能找到的关于使用sdk创建主题的全部内容。有人能给我举一个完整的例子吗？

    {
        "Effect": "Allow",
        "Action": [
            "sns:ListTopics",
            "sns:CreateTopic",
        ],
        "Resource": [
            "*"
        ]
    }