diff --git a/.changelog/28253.txt b/.changelog/28253.txt
new file mode 100644
index 000000000000..3e6486b6837e
--- /dev/null
+++ b/.changelog/28253.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_sns_topic_subscription: Fix unsupported `FilterPolicyScope` attribute error in the aws-cn partition
+```
diff --git a/internal/service/sns/topic_subscription.go b/internal/service/sns/topic_subscription.go
index 99aa586c6d96..71e2ebce05b7 100644
--- a/internal/service/sns/topic_subscription.go
+++ b/internal/service/sns/topic_subscription.go
@@ -406,8 +406,16 @@ func normalizeTopicSubscriptionDeliveryPolicy(policy string) ([]byte, error) {
 func resourceTopicSubscriptionCustomizeDiff(_ context.Context, diff *schema.ResourceDiff, _ interface{}) error {
 	hasPolicy := diff.Get("filter_policy").(string) != ""
 	hasScope := !diff.GetRawConfig().GetAttr("filter_policy_scope").IsNull()
+	hadScope := diff.Get("filter_policy_scope").(string) != ""
 
 	if hasPolicy && !hasScope {
+		if !hadScope {
+			// When the filter_policy_scope hasn't been read back from the API,
+			// don't attempt to set a value. Either the default will be computed
+			// on the next read, or this is a partition that doesn't support it.
+			return nil
+		}
+
 		// When the scope is removed from configuration, the API will
 		// continue reading back the last value so long as the policy
 		// itself still exists. The expected result would be to revert
diff --git a/internal/service/sns/topic_subscription_test.go b/internal/service/sns/topic_subscription_test.go
index e9f1ad756672..764b72a9d21e 100644
--- a/internal/service/sns/topic_subscription_test.go
+++ b/internal/service/sns/topic_subscription_test.go
@@ -1205,6 +1205,8 @@ resource "aws_sns_topic_subscription" "test" {
   protocol               = "https"
   endpoint               = replace(aws_api_gateway_deployment.test.invoke_url, "https://", "https://davematthews:granny@")
   endpoint_auto_confirms = true
+
+  confirmation_timeout_in_minutes = 3
 }
 `, rName)
 }