diff --git a/CHANGELOG.md b/CHANGELOG.md index f9b14cd7c..48adf3481 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - `ARIA_S1_GUNW` job type to hyp3-edc-uat deployment. -- All jobs now have `sns:Publish` permissions for all SNS topics. +- All jobs now have `sns:Publish` permissions for SNS topics in the same AWS region and account for the purpose of sending messages to a co-located deployment of . ### Changed - The reserved `bucket_prefix` job spec parameter has been renamed to `job_id` and can be referenced as `Ref::job_id` within each step's `command` field. diff --git a/apps/compute-cf.yml.j2 b/apps/compute-cf.yml.j2 index 9e698b875..90d5459e2 100644 --- a/apps/compute-cf.yml.j2 +++ b/apps/compute-cf.yml.j2 @@ -179,7 +179,7 @@ Resources: Resource: !Sub "arn:aws:s3:::${ContentBucket}/*" - Effect: Allow Action: sns:Publish - Resource: "arn:aws:sns:*" + Resource: !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:*" BatchServiceRole: Type: {{ 'Custom::JplRole' if security_environment in ('JPL', 'JPL-public') else 'AWS::IAM::Role' }}
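Review bot: In the CHANGELOG.md hunk, the new `sns:Publish` entry ends with "a co-located deployment of ." and the name of what is being deployed is missing, so the stated purpose of the permission cannot be read. Fill in the target, and if a link or template variable was intended there, check that it renders non-empty, so the entry records what the permission is for.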
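Review bot: In the apps/compute-cf.yml.j2 hunk, the new `Resource: !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:*"` still ends in `*`, so the statement allows publishing to any topic in the account and region, which is broader than the single co-located deployment the changelog entry describes. If the receiving topic's name or ARN is known at deploy time, pass it in as a parameter or restrict the resource to a topic-name prefix in place of the trailing `*`. The ARN also hardcodes the `aws` partition; `${AWS::Partition}` would keep the statement valid outside the standard partition, though the S3 ARN two lines above does the same, so this may be the file's convention.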