How to set up permissions for S3 event to SNS topic?

Problem solved. Before I was adding the condition line inside the default statement:

    "ArnLike": {
        "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
    }

Turns out I had to create a new statement for the S3 service principal, with the publish action and the condition in it:

        {
          "Sid": "publish-from-s3",
          "Effect": "Allow",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Action": "SNS:Publish",
          "Resource": "arn:aws:sns:ap-southeast-2:XXXXXXXXXXXXXX:testTopicforS3",
          "Condition": {
            "ArnLike": {
              "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
            }
          }
        }

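Instead of adding a new statement, put "Service": "s3.amazonaws.com" inside Principal. Note that the "arn:aws:s3:*:*:*" value of aws:SourceArn shown below matches every bucket in every account; narrow it to your own bucket's ARN (and consider an aws:SourceAccount condition) so that only that bucket can publish to the topic. So it would look like: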

  Statement: [
    {
      "Sid": "publish-from-s3",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com",  # ADD THIS!  
        "AWS": <AWS_Account_Name_for_Access>
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-southeast-2:XXXXXXXXXXXXXX:testTopicforS3",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:*"  
        }
      }
    }
  ]

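Yeah, after creating the SNS topic, modify its access policy to add a statement (after the default one). As written below, neither statement has a Condition, so the default statement grants every listed action to any AWS principal and the s3 statement lets any bucket publish. Keep the AWS:SourceOwner condition that the generated default statement normally carries, and add an aws:SourceArn condition for your bucket to the s3 statement: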

{
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Publish",
        "SNS:RemovePermission",
        "SNS:SetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:Receive",
        "SNS:AddPermission",
        "SNS:Subscribe"
      ],
      "Resource": "your sns arn"
    },
    {
      "Sid": "s3",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "your sns arn"
    }
  ]
}