I ended up create the IAM role and specified the roles as part of SNS topic creation like this in golang:
topic, err := sns.NewTopic(ctx, snsTopicName, &sns.TopicArgs{
Policy: notificationPolicy,
SqsFailureFeedbackRoleArn: snsFeedbackRole.Arn,
SqsSuccessFeedbackRoleArn: snsFeedbackRole.Arn,
})
The IAM role with this policy:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy"
],
"Resource": "*"
}]
}