I am working on a solution to integrate auth0 and AWS SNS to send MFA SMS to end users by using a toll-free number published via Amazon Pinpoint. My concern is about the permissions that are required on the service account used by auth0 for this; it states "Create a new Amazon IAM User with the AmazonSNSFullAccess role." If we look at these permissions, they are giving the user/service account complete access on SNS and also to the entire set of resources in that specific region.
So it not only has access to the SNS topic that is created for this integration, but also has access to the other resources that I create in SNS, in addition to what it might create in the background as it has full access.
I didn't find any documentation on what specific activities are performed by auth0 in the background and why it requires this specific role. It would be of much help if someone can provide those details or share an alternative to restrict access to all the other resources. I tried to restrict the scope of the service account to a specific SNS topic, but it doesn't work that way.
Any help here is much appreciated.
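As an added example (not from the post, Auth0's documentation, or AWS), here is a least-privilege IAM policy to attach to the service user in place of AmazonSNSFullAccess, which grants `sns:*` on every resource. It assumes the integration only needs `sns:Publish` to phone numbers; that is also why a topic-scoped policy does not work, since an SMS publish targets a phone number rather than a topic ARN and therefore has to be allowed with `Resource: "*"`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSmsPublishOnlyNoTopicOrSubscriptionManagement",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "*"
    }
  ]
}
```

Attach this as a customer-managed policy, run the SMS MFA enrollment flow, and review CloudTrail for `AccessDenied` events on the user: any further SNS action the integration actually calls will show up there and can be added deliberately rather than granted wholesale.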