Amazon Simple Notification Service Developer Guide

Copyright © 2022 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

What is Amazon SNS?
  Features and capabilities
  Related services
  Accessing Amazon SNS
  Pricing for Amazon SNS
  Common Amazon SNS scenarios
    Application integration
    Application alerts
    User notifications
    Mobile push notifications
  Working with AWS SDKs
Amazon SNS event sources and destinations
  Event sources
    Analytics
    Application integration
    Billing and cost management
    Business applications
    Compute
    Containers
    Customer engagement
    Database
    Developer tools
    Front-end web & mobile
    Game development
    Internet of Things
    Machine learning
    Management & governance
    Media
    Migration & transfer
    Networking & content delivery
    Security, identity, & compliance
    Serverless
    Storage
    Additional event sources
  Event destinations
    A2A destinations
    A2P destinations
Setting up
  Create account and an IAM administrator user
  Create an IAM user and get credentials
  Next steps
Getting started
  Prerequisites
  Step 1: Create a topic
  Step 2: Create a subscription to the topic
  Step 3: Publish a message to the topic
  Step 4: Delete the subscription and topic
  Next steps
Configuring Amazon SNS
  Creating a topic
    AWS Management Console
    AWS SDKs
  Subscribing to a topic
    To subscribe an endpoint to an Amazon SNS topic
  Deleting a subscription and topic
    AWS Management Console
    AWS SDKs
  Tagging
    Tagging for cost allocation
    Tagging for access control
    Tagging for resource searching and filtering
    Configuring tags
Message ordering and deduplication (FIFO topics)
  FIFO topics use case
  Message ordering details
  Message grouping
  Message delivery
  Message filtering
  Message deduplication
  Message security
  Message durability
  Code examples
    FIFO example (AWS SDKs)
    FIFO example (AWS CloudFormation)
Message publishing
  AWS Management Console
  AWS SDKs
  Large message payloads
    Prerequisites
    Example: Publishing messages to Amazon SNS with payload stored in Amazon S3
    Other endpoint protocols
  Message attributes
    Message attribute items and validation
    Data types
    Reserved message attributes for mobile push notifications
  Message batching
    What is message batching?
    How does message batching work?
    Examples
Message filtering
  Subscription filter policy scope
  Subscription filter policies
    Example filter policies
    Filter policy constraints
    String value matching
    Numeric value matching
    Key matching
    AND/OR logic
  Applying a subscription filter policy
    AWS Management Console
    AWS CLI
    AWS SDKs
    Amazon SNS API
    AWS CloudFormation
  Removing a subscription filter policy
    AWS Management Console
    AWS CLI
    Amazon SNS API
Message data protection
  What is message data protection
  Why use message data protection
  Data protection policies
    What are data protection policies?
    Overview of data protection policy structure
    How do I determine the IAM principals
    Data protection policy operations
    Data protection policy examples
    Creating data protection policies
    Deleting data protection policies
  Data identifiers
    What are managed data identifiers?
    Sensitive data types: Credentials
    Sensitive data types: Devices
    Sensitive data types: Financial
    Sensitive data types: Protected health information (PHI)
    Sensitive data types: Personally identifiable information (PII)
Message delivery
  Raw message delivery
    Enabling raw message delivery using the AWS Management Console
    Message format examples
  Cross-account delivery
    Queue owner creates subscription
    A user who does not own the queue creates a subscription
    How do I force a subscription to require authentication on unsubscribe requests?
  Cross-region delivery
    Opt-in Regions
  Message delivery status
    Configuring delivery status logging using the AWS Management Console
    Configuring message delivery status attributes for topics subscribed to Amazon SNS endpoints using the AWS SDKs
  Message delivery retries
    Delivery protocols and policies
    Delivery policy stages
    Creating an HTTP/S delivery policy
  Dead-letter queues (DLQs)
    Why do message deliveries fail?
    How do dead-letter queues work?
    How are messages moved into a dead-letter queue?
    How can I move messages out of a dead-letter queue?
    How can I monitor and log dead-letter queues?
    Configuring a dead-letter queue
Message archiving and analytics
Application-to-application (A2A) messaging
  Fanout to Kinesis Data Firehose delivery streams
    Prerequisites
    Subscribing a delivery stream to a topic
    Delivery stream destinations
    Example use case
  Fanout to Lambda functions
    Prerequisites
    Subscribing a function to a topic
  Fanout to Amazon SQS queues
    Subscribing a queue to a topic
    Example (AWS CloudFormation)
  Fanout to HTTP/S endpoints
    Subscribing an endpoint to a topic
    Verifying message signatures
    Parsing message formats
  Fanout to AWS Event Fork Pipelines
    How AWS Event Fork Pipelines works
    Deploying AWS Event Fork Pipelines
    Deploying and testing AWS Event Fork Pipelines
    Subscribing an event pipeline to a topic
Application-to-person (A2P) messaging
  Mobile text messaging (SMS)
    SMS sandbox
    Origination identities
    Requesting SMS support
    Setting SMS preferences
    Sending SMS messages
    Monitoring SMS activity
    Managing SMS subscriptions
    Supported Regions and countries
    SMS best practices
    SMS requirements for Singapore
    SMS requirements for US destinations
    SMS requirements for India
  Mobile push notifications
    How user notifications work
    User notification process overview
    Setting up a mobile app
    Sending mobile push notifications
    Mobile app attributes
    Mobile app events
    Mobile push API actions
    Mobile push API errors
    Mobile push TTL
    Supported Regions
    Mobile push notifications best practices
  Email notifications
    AWS Management Console
    AWS SDKs
Code examples
  Actions
    Add tags to a topic
    Check whether a phone number is opted out
    Confirm an endpoint owner wants to receive messages
    Create a topic
    Delete a subscription
    Delete a topic
    Get the properties of a topic
    Get the settings for sending SMS messages
    List opted out phone numbers
    List the subscribers of a topic
    List topics
    Publish an SMS text message
    Publish to a topic
    Set a dead-letter queue for a subscription
    Set a filter policy
    Set the default settings for sending SMS messages
    Set topic attributes
    Subscribe a Lambda function to a topic
    Subscribe a mobile application to a topic
    Subscribe an HTTP endpoint to a topic
    Subscribe an email address to a topic
  Scenarios
    Create a platform endpoint for push notifications
    Create and publish to a FIFO topic
    Publish SMS messages to a topic
    Publish a large message
  Cross-service examples
    Build an app to submit data to a DynamoDB table
    Building an Amazon SNS application
    Create an Amazon Textract explorer application
    Detect people and objects in a video
    Use API Gateway to invoke a Lambda function
    Use scheduled events to invoke a Lambda function
Security
  Data protection
    Data encryption
    Internetwork traffic privacy
    Message Data Protection security
  Identity and access management
    Authentication
    Access control
    Overview
    Using identity-based policies
    Using temporary credentials
    API permissions reference
  Logging and monitoring
    Logging API calls using CloudTrail
    Monitoring topics using CloudWatch
  Compliance validation
  Resilience
  Infrastructure security
  Best practices
    Preventative best practices
Troubleshooting
  Troubleshooting topics using X-Ray
Documentation history
AWS glossary

What is Amazon SNS?
Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel. Clients can subscribe to the SNS topic and receive published messages using a supported endpoint type, such as Amazon Kinesis Data Firehose, Amazon SQS, AWS Lambda, HTTP, email, mobile push notifications, and mobile text messages (SMS).

Topics
• Features and capabilities (p. 3)
• Related services (p. 4)
• Accessing Amazon SNS (p. 4)
• Pricing for Amazon SNS (p. 5)
• Common Amazon SNS scenarios (p. 5)
• Using Amazon SNS with an AWS SDK (p. 6)

Features and capabilities

Amazon SNS provides the following features and capabilities:

• Application-to-application messaging

  Application-to-application messaging supports subscribers such as Amazon Kinesis Data Firehose delivery streams, Lambda functions, Amazon SQS queues, HTTP/S endpoints, and AWS Event Fork Pipelines. For more information, see Application-to-application (A2A) messaging (p. 166).

• Application-to-person notifications

  Application-to-person notifications provide user notifications to subscribers such as mobile applications, mobile phone numbers, and email addresses. For more information, see Application-to-person (A2P) messaging (p. 230).

• Standard and FIFO topics

  Use a FIFO topic to ensure strict message ordering, to define message groups, and to prevent message duplication. Only Amazon SQS FIFO queues can subscribe to a FIFO topic. For more information, see Message ordering and deduplication (FIFO topics) (p. 45).

  Use a standard topic when message delivery order and possible message duplication are not critical. All of the supported delivery protocols can subscribe to a standard topic.

• Message durability

  Amazon SNS uses a number of strategies that work together to provide message durability:

  • Published messages are stored across multiple, geographically separated servers and data centers.
  • If a subscribed endpoint isn't available, Amazon SNS runs a delivery retry policy (p. 155).
  • To preserve any messages that aren't delivered before the delivery retry policy ends, you can create a dead-letter queue (p. 159).

• Message archiving and analytics

  You can subscribe Kinesis Data Firehose delivery streams to SNS topics (p. 166), which allows you to send notifications to additional archiving and analytics endpoints such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon Redshift tables, and more.

• Message attributes

  Message attributes let you provide any arbitrary metadata about the message. For more information, see the section called “Message attributes” (p. 77).

• Message filtering

  By default, each subscriber receives every message published to the topic. To receive a subset of the messages, a subscriber must assign a filter policy to the topic subscription. A subscriber can also define the filter policy scope to enable payload-based or attribute-based filtering. The default value for the filter policy scope is MessageAttributes. When the incoming message attributes match the filter policy attributes, the message is delivered to the subscribed endpoint. Otherwise, the message is