I configured AWS EventBridge to post events to an SNS target. When an event is received, the SNS target is never triggered and none of the SNS subscribers get the event.
If I add other targets to EventBridge it works (eg, Lambda) but the SNS does not. Adding a dead-letter queue to SQS show there's a permissions issue:
However, changing the Access Policy of SNS does not work.
On
If encryption is enabled for SNS, disabling it is not the solution. Rather give events service the required access policy to encrypted SNS topic.
More details on following link here: https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-receive-sns-for-alarm-trigger/#:~:text=If%20the%20SNS%20topic%20must,messages%20to%20encrypted%20SNS%20topics.
Replace cloudwatch.amazonaws.com to events.amazonaws.com
Update:
It seems encryption is not supported if using the default AWS Key Management Service (KMS). It can be configured using customer managed keys as explained in this other answer.
Old answer:
The problem seems to be a configuration issue or even a bug in AWS. If the SNS Topic has Encryption At-Rest enabled, then it fails.
The solution is to disable Encryption under the SNS Topic settings: