AWS Quick Notes — Messaging with SNS

Amazon SNS has a Pub/Sub architecture that helps send messages from an application to many different receivers.

The event producer sends one message to an SNS topic.

The event subscriptions(receivers) listen to the SNS topic for notifications.

All subscribers to this topic can get all the messages, or use a filter to get the messages they want.

Subscribers can be SQS, any HTTP/HTTPS endpoint, Lambda, emails, SMS or Push Notifications(Google GCM, Apple APNS, etc.).

The most visible use case is where CloudWatch alarms can be configured to send out notifications in event of a breach.

Encryption is supported in flight by using HTTPS API. At rest CMK Keys using KMS can be used.The client can always perform the encryption and decryption itself if needed.

Access Controls

Access Controls can be implemented using IAM for SNS API

SNS Access Policies are similar to S3 bucket policies or SQS Access Policies.They help with cross account access and allowing services such as S3 to write to an SNS topic.

FIFO

SNS also supports FIFO topics but only SQS queues can be used as subscribers.

All messages in the same group are ordered.

De-duping messages is also supported by deduplication id or content based deduplication.

Message Filtering

A JSON based policy can be used to filter messages sent to SNS topics subscriptions.The policy can filter based on a value in the key value pair. For example only give me messages where country=”USA”.In this example you could have SQS queues setup for various countries.