diff --git a/cloudformation/iam.yml b/cloudformation/iam.yml
index 49e8db8..4fe3f44 100644
--- a/cloudformation/iam.yml
+++ b/cloudformation/iam.yml
@@ -9,6 +9,10 @@ Parameters:
 Default: undefined
 Type: String
 AllowedPattern: ^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$
+ SNSTopicName:
+ Type: String
+ AllowedPattern: ^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$
+
 Conditions:
 AuthorizerFunctionEnabled:
 Fn::Not:
@@ -95,6 +99,15 @@ Resources:
 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-membership-api-external-lists
 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-membership-api-provisioning-logs
 PolicyName: lambda-dynamo
+ - PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Action:
+ - sns:Publish
+ Effect: Allow
+ Resource:
+ - !Sub arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${SNSTopicName}
+ PolicyName: lambda-sns
 Outputs:
 MainFunctionRoleArn:
 Description: Main API IAM role ARN
diff --git a/cloudformation/main.yml b/cloudformation/main.yml
index 4b4cdf9..3c04d7a 100644
--- a/cloudformation/main.yml
+++ b/cloudformation/main.yml
@@ -85,6 +85,7 @@ Resources:
 Parameters:
 LambdaFunctionName: !Sub ${ApplicationPrefix}-lambda
 AuthLambdaFunctionName: !Sub ${ApplicationPrefix}-auth-lambda
+ SNSTopicName: !Sub ${ApplicationPrefix}-member-added-topic

 AppLogGroups:
 Type: AWS::Serverless::Application
@@ -299,4 +300,9 @@ Resources:
 - !Ref AWS::AccountId
 - ":"
 - !Ref AppApiGateway
- - "/*/*/*"
\ No newline at end of file
+ - "/*/*/*"
+
+ MemberAddedSNSTopic:
+ Type: AWS::SNS::Topic
+ Properties:
+ TopicName: !Sub ${ApplicationPrefix}-member-added-topic
\ No newline at end of file
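Review bot: The new `SNSTopicName` parameter has no `Description`, and nothing records that its `AllowedPattern` is what keeps `*`, `:` and `/` out of the `Resource` ARN built from it in the `lambda-sns` policy later in this file. I would add `Description: Name of the SNS topic the Lambda role may publish to` and a comment above the pattern such as `# Value is interpolated into an IAM Resource ARN; keep wildcards excluded`. Unlike the parameter above it, there is no `Default`, so every stack that instantiates this template must now pass a value; the diff does not show whether other callers exist.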
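Review bot: `Version: 2012-10-17` in the new `lambda-sns` policy is an unquoted scalar that YAML 1.1 loaders read as a date rather than a string; CloudFormation accepts it, but linters and converters built on generic parsers may rewrite it, so `Version: "2012-10-17"` is safer. Whether the `lambda-dynamo` policy above is written the same way is not visible in this hunk. The statement itself is limited to one action on one topic ARN; the role it attaches to is declared outside the hunk, so it is worth confirming that only the function that publishes carries it.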
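Review bot: The topic name `${ApplicationPrefix}-member-added-topic` is now spelled out twice in main.yml, here and in `TopicName` of `MemberAddedSNSTopic` in the last hunk, and the `sns:Publish` grant in iam.yml matches the real topic only while the two strings stay identical. Deriving the value from the resource, `SNSTopicName: !GetAtt MemberAddedSNSTopic.TopicName`, removes the duplication and makes the nested stack depend on the topic. The resource that owns this `Parameters` block starts outside the hunk, so check that the topic does not in turn depend on it.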
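Review bot: `MemberAddedSNSTopic` is created without `KmsMasterKeyId`, so messages are not encrypted at rest, and the topic name suggests they may describe members. Adding `KmsMasterKeyId: alias/aws/sns` under `Properties` enables server-side encryption with the AWS-managed key; a customer-managed key would also need `kms:GenerateDataKey*` and `kms:Decrypt` granted to the publishing role in iam.yml. No `AWS::SNS::TopicPolicy` or subscription is added in this diff, so who may subscribe rests on the default owner-only topic policy. The file still ends without a trailing newline.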