This article is the first part of a series about AWS SNS. Be sure to read through all the posts by clicking on the links below:
AWS SNS: The Complete Guide – Part 1: Theory
AWS SNS: The Complete Guide – Part 2: AWS CLI SNS Commands
AWS SNS: The Complete Guide – Part 3: AWS SNS Boto3 Interface
AWS SNS: The Complete Guide – Part 4: AWS SNS Unit Testing Using Moto
AWS SNS: The Complete Guide – Part 5: AWS SNS using Terraform
AWS SNS: The Complete Guide – Part 6: AWS SNS FAQ

Simple Notification Service (SNS) is a fully managed messaging service provided by AWS. It helps decouple applications by allowing publishers to publish messages to SNS topics asynchronously. Once a publisher publishes a message to an SNS topic, SNS sends the message to the endpoints, also known as subscribers. A single message can be sent to multiple subscribers/endpoints.

You can refer to the SNS notes below if you are planning to appear for various AWS certification exams like:

In this article, we will talk about the following points in detail.

Types of AWS SNS Topics

AWS SNS supports two types of topics. You select the topic type when creating the topic, and it can't be changed afterwards. The topic types are as follows:

  1. FIFO (First In, First Out)
  2. Standard

FIFO (First In, First Out)

  • You can use it where message ordering is essential. An SNS FIFO topic strictly preserves message ordering.
  • It provides high throughput (supports 300 messages/second)
  • It supports exactly-once delivery semantics.
  • It supports the SQS subscription endpoint only.

Standard

  • You can use it where message ordering is not strictly necessary. AWS SNS tries to deliver the messages in order; however, ordering is best-effort and not guaranteed.
  • It follows at-least-once delivery semantics, so one message can be delivered multiple times in some cases.
  • It supports the highest throughput.

AWS SNS – Topic Naming Convention

  • You can consider the topic display name as an alias for the topic name.
  • The first ten characters of the topic display name will be shown when a message is sent to an SNS subscriber.

AWS SNS – Subscription Endpoints

  • You can create multiple subscription endpoints for the same SNS topic. SNS will deliver the message to all the subscribers.
  • SNS supports multiple types of subscription endpoints.
  • Once you create an SNS subscription, SNS will send a subscription confirmation message to the endpoint.
  • SNS will start sending messages to a subscription endpoint only after you confirm the subscription.
  • The supported SNS subscription endpoints are:
    • Amazon Kinesis Data Firehose
    • Amazon SQS
    • Amazon Lambda
    • Email
    • Email-JSON
    • HTTP
    • HTTPS
    • Platform application endpoint
    • SMS

AWS SNS – Subscription Filter Policy

  • SNS delivers the message to all its subscribers by default.
  • You can use a subscription filter policy to deliver only a subset of messages to a particular subscription endpoint.
  • Each SNS subscription endpoint can have an optional subscription filter policy.
  • Message filtering depends on the subscription filter policy and the message attributes.
  • The subscription will receive a message only when conditions in the subscription filter policy are met.
  • A sample subscription filter policy looks like this JSON: {"mandatoryKey": ["any", "of", "these"]}
  • The filter policy can have a maximum of 5 attribute keys.
  • The maximum size of the filter policy is 256KB.
  • You can have 200 filter policies per AWS account per region.
  • Attribute string value matching supports exact matching, prefix matching, anything-but matching, and IP-address matching.
  • Attribute numeric value matching supports exact matching, anything-but matching, and value range matching.
  • Attribute key matching supports the exists operator.
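
The matching rules listed above can be seen in a small local evaluator. This is an added example, not code from the original article or from AWS; it assumes message attributes are given as a plain name-to-value dictionary, and the sample policy and its attribute names are constructed.

```python
import ipaddress
import operator

# Comparison operators allowed inside a {"numeric": [...]} condition.
NUMERIC_OPS = {"=": operator.eq, "<": operator.lt, "<=": operator.le,
               ">": operator.gt, ">=": operator.ge}


def condition_matches(cond, present, value):
    """Test one entry of a policy value list against one message attribute."""
    if not isinstance(cond, dict):
        return present and value == cond          # exact string/number match
    (op, arg), = cond.items()
    if op == "exists":
        return present == bool(arg)               # matches on the key alone
    if not present:
        return False                              # every other operator needs a value
    if op == "prefix":
        return isinstance(value, str) and value.startswith(arg)
    if op == "anything-but":
        return value not in (arg if isinstance(arg, list) else [arg])
    if op == "cidr":                              # IP-address matching
        try:
            return ipaddress.ip_address(str(value)) in ipaddress.ip_network(arg)
        except ValueError:
            return False
    if op == "numeric":                           # e.g. [">=", 100, "<", 1000]
        is_num = isinstance(value, (int, float)) and not isinstance(value, bool)
        pairs = zip(arg[0::2], arg[1::2])
        return is_num and all(NUMERIC_OPS[o](value, n) for o, n in pairs)
    raise ValueError(f"unsupported operator: {op}")


def matches(filter_policy, attributes):
    """True when every policy key is satisfied by at least one of its conditions."""
    return all(
        any(condition_matches(c, key in attributes, attributes.get(key)) for c in conds)
        for key, conds in filter_policy.items())


# Constructed sample policy using five attribute keys.
SAMPLE_POLICY = {
    "event_type": ["order_placed", {"prefix": "refund_"}],
    "price_usd": [{"numeric": [">=", 100, "<", 1000]}],
    "region": [{"anything-but": ["test"]}],
    "source_ip": [{"cidr": "10.0.0.0/24"}],
    "debug": [{"exists": False}],
}
```

Keys are combined with AND and the values listed under one key with OR, so a message that lacks any attribute named in the policy is not delivered unless that key uses {"exists": false}.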

AWS SNS – Redrive Policy (Dead-letter Queue)

  • You can have one re-drive policy per subscription.
  • SNS sends the messages that it can't deliver to a subscription endpoint to an SQS queue (the dead-letter queue).
  • You can then reprocess the messages in the dead-letter queue as per business requirements.

AWS SNS – Content-Based message deduplication

  • AWS SNS allows content-based message deduplication by calculating SHA-256 of the message body.
  • You must include a message deduplication id while publishing a message to SNS FIFO.
  • If you reuse the deduplication id, SNS FIFO will accept the message, but it will not deliver it to the subscription endpoint.
  • The deduplication interval is five minutes.
  • This functionality applies only to the FIFO topic.
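
The deduplication behaviour described above, modelled locally as an added example (not code from the original article and not an AWS API). The class name, the caller-supplied clock in seconds, and the choice to let an explicit deduplication id take the place of the body hash are assumptions of this sketch.

```python
import hashlib

DEDUP_INTERVAL_SECONDS = 5 * 60  # the five-minute interval stated above


class FifoDedupModel:
    """Local model of FIFO topic deduplication (hypothetical helper)."""

    def __init__(self, content_based=True):
        self.content_based = content_based
        self.first_seen = {}  # deduplication id -> time it was first accepted

    def publish(self, body, now, dedup_id=None):
        """Return True if the message would be delivered, False if it is
        accepted but dropped as a duplicate."""
        if dedup_id is None:
            if not self.content_based:
                raise ValueError("a deduplication id is required when "
                                 "content-based deduplication is off")
            # Content-based deduplication: the id is the SHA-256 of the body.
            dedup_id = hashlib.sha256(body.encode("utf-8")).hexdigest()
        first = self.first_seen.get(dedup_id)
        if first is not None and now - first < DEDUP_INTERVAL_SECONDS:
            return False
        self.first_seen[dedup_id] = now
        return True
```

Because an explicit id replaces the body hash in this model, two different bodies published with the same id inside the interval collapse into one delivery, which matters when the id is derived from something an untrusted producer controls.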

AWS SNS – Encryption at rest

  • SNS supports encryption at rest.
  • Once enabled, SNS will encrypt the message body before storing it on the SNS topic.
  • It is server-side encryption, as SNS takes care of encrypting and decrypting the data.
  • SNS will decrypt the message just before delivering it to subscription endpoints.
  • You will have to provide a custom CMK to SNS so that SNS can encrypt and decrypt the data.

AWS SNS – Delivery Retry Policy (HTTP/S)

  • It applies only to HTTP or HTTPS endpoints.
  • The HTTP/S endpoint can have downtime when AWS SNS is trying to deliver the message to it.
  • In such cases, AWS SNS will try to send the message again.
  • The delivery retry policy governs the number of retries.
  • The delivery retry policy supports the following configurations:
    • Number of retries
    • Retries without delay
    • Minimum delay
    • Maximum delay
    • Minimum delay retries
    • Maximum delay retries
    • Maximum receive rate
    • Retry-backoff function
    • Override subscription policy
  • Below is the default delivery retry policy JSON:
{
  "http": {
    "defaultHealthyRetryPolicy": {
      "numRetries": 3,
      "numNoDelayRetries": 0,
      "minDelayTarget": 20,
      "maxDelayTarget": 20,
      "numMinDelayRetries": 0,
      "numMaxDelayRetries": 0,
      "backoffFunction": "linear"
    },
    "disableSubscriptionOverrides": false
  }
}

AWS SNS – Access Policy

  • SNS Access policy defines who can access the SNS topic.
  • A policy statement is a JSON object containing keys:
    • Effect
      • The effect could be Allow or Deny.
    • Principal
      • The user or service for which this policy will be applicable
    • Action
      • It contains the list of all actions which will be effective for the principal, e.g., SNS:Publish, SNS:Subscribe, and so on.
    • Resource
      • Resource for which you are defining the policy
    • Condition
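      • Additional conditions that must be met to Allow or Deny access.
  • The default policy statement that allows only the topic owner to publish and subscribe looks like below. The principal is "*", so the AWS:SourceOwner condition is what limits access to the owning account: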
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Publish",
        "SNS:RemovePermission",
        "SNS:SetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:Receive",
        "SNS:AddPermission",
        "SNS:Subscribe"
      ],
      "Resource": "",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "123456789012"
        }
      }
    }
  ]
}

AWS SNS – Delivery Status Logging

  • SNS supports logging the delivery status of each message sent to subscription endpoints.
  • SNS will send the delivery status to CloudWatch Logs.
  • SNS supports delivery status for the following subscription endpoints:
    • AWS Lambda
    • AWS SQS
    • HTTP
    • HTTPS
    • Platform Application Endpoint
    • Amazon Kinesis Data Firehose
  • You will need to create two service roles to allow SNS to publish the Successful and Failed delivery statuses, respectively, to CloudWatch Logs.

AWS SNS – Tags

  • An SNS tag is a key-value pair that you can assign to each SNS topic.
  • Each tag consists of a key and an optional value.
  • You can use the tags to filter AWS resources.
  • Tags are also helpful in tracking the resource cost.

Conclusion

Congratulations! You just learned about all the features offered by the AWS SNS service.
