What is Amazon SNS and How does it work?

Imagine having an e-commerce application deployed on the AWS Cloud. You need to notify your customers about their orders via email and SMS. You also want to send marketing emails to inform them about newly launched products. Handling this process manually can be complex and tiresome—you’d need to set up and maintain an SMTP server for email notifications and build a separate architecture for mobile (SMS) notifications. Scaling this setup to manage hundreds or thousands of customers introduces even more challenges, such as ensuring reliability, avoiding message duplication, and handling failures.

This is where Amazon SNS comes into play. With Amazon SNS, you can automate and streamline this process in minutes without managing complex architectures.

Key features of Amazon SNS:

• Publish once, deliver anywhere: You can publish a single message and deliver it to multiple endpoints, such as email, SMS, or AWS Lambda.

• Topic-based architecture: You can use topics to centralize notifications, eliminating the need for multiple isolated solutions.

• Seamless AWS integration: You can automate workflows by integrating SNS with services like S3 or Lambda to trigger alerts or actions.

Now that we have an overview of how Amazon SNS can help us simplify sending messages to our users, let’s explore it further.

What is Amazon SNS?#

Amazon Simple Notification Service (Amazon SNS) is a message delivery service provided by AWS that uses the publish/subscribe model to deliver messages from a producer to its consumers. In this model, a publisher sends a message to a communication channel (called a topic) created in Amazon SNS, which is then delivered to all its subscriber endpoints. As the publishers and subscribers don’t need to know about each other, Amazon SNS can decouple the components of a distributed system and deliver messages between them.

Amazon SNS supports multiple subscriber endpoints, such as Lambda functions, SQS queues, etc, and provides us with application-to-application (A2A) and application-to-person (A2P) messaging. The following illustration gives an overview of the endpoints that can receive messages published through Amazon SNS:

Amazon SNS supports emails, mobile text messages, and push notifications as subscriber endpoints in application-to-person messages and uses a device token on our behalf to send notifications to these services.

On the other hand, the application-to-application messaging service allows us to send messages between different components of distributed systems, microservices, and event-driven applications. SNS supports some of the following subscriber endpoints:

• Lambda functions: We can invoke a Lambda function by adding it as a subscriber to our SNS topic. The Lambda function receives the message sent from a publisher as an input parameter.

• HTTP endpoints: Amazon SNS can send POST requests to the HTTP and HTTPS endpoints subscribed to it.

• Amazon SQS: Amazon SNS and SQS can be used to create a fanout architectureIn the fanout architecture, a message is replicated and sent to multiple subscriber endpoints, allowing parallel asynchronous processing. in applications that require immediate notifications and want to store them in a queue to process them later.

How does SNS work?#

In Amazon SNS, we create topics. An Amazon SNS topic is the communication channel that receives messages from a publisher, delivers them to all available subscriber endpoints, and is the central hub for managing and delivering messages.

We can create two types of SNS topics: a standard and a FIFO (first in, first out) topic.

• Standard topic: Standard topics are used when the order of the messages being sent is not crucial. In a standard topic, messages are sent to subscribers at least once, and there is no mechanism to preserve the messages’ order. There is also a chance that message duplicates exist, as a publisher can send multiple copies of the same message to the SNS topic.

• FIFO topic: In FIFO topics, messages are sent exactly once, ensuring they are sent to the subscribers in the same order received from the publisher. To avoid message duplication, FIFO topics use a deduplication ID. In case multiple messages are received with the same deduplication ID, only one message is forwarded to the topic’s subscribers within five minutes. However, if the same message is sent after five minutes, it’s sent to the users.

Ordering messages in FIFO topics#

The order of published messages is retained in FIFO topics and delivered exactly once to subscribers. SNS does this by associating a sequence number with each message it receives. Another attribute, the message group ID, is used for messages in FIFO topics. This attribute is mandatory and set by the publisher when they request a publish message. SNS ensures that messages with the same group ID are delivered to the subscribers in the order they are received.

Publishing messages in SNS#

After creating an SNS topic and adding subscribers, we can publish messages to a topic using the AWS Management Consolehttps://console.aws.amazon.com/ or the AWS SDK. The maximum size of the message we can publish is 256 KB. However, by using the Extended Client Libraries for Java and Pythonhttps://docs.aws.amazon.com/sns/latest/dg/large-message-payloads.html, we can extend this limit to 2 GB.

These libraries work by storing the actual payload of our message in an S3 bucket and sending the reference to this bucket to the subscribers of the SNS topic. Once the subscriber receives this reference, they can dereference it using the client libraries and retrieve the original message sent by the publisher.

In addition, Amazon SNS enables batch publishing, allowing us to send up to 10 messages in a single request. This feature helps reduce the cost and increase the efficiency of sending multiple notifications simultaneously.

Filtering messages in SNS#

By default, Amazon SNS forwards all messages it receives from a publisher to all subscriber endpoints. However, SNS does allow us to create filter policies. Through these policies, we can control which message type is sent to which subscriber endpoint.

In a filter policy, we create a JSON object that defines the type of messages a subscriber receives. This can be done based on message attributes or message body. When an SNS receives a message from a publisher, it compares the message against the filter policy associated with a subscriber. If the message matches the policy, it is forwarded; otherwise, it is filtered out.

For example, imagine our e-commerce applications receive orders for different products, such as electronics, clothing, and groceries, and different departments handle each. We want to ensure that a department is only notified about the orders relevant to them. We can use Amazon SNS filter policies and filter incoming orders based on their product type to achieve this. This ensures that only relevant messages are sent to each department. The JSON filter policy for this scenario would look like this:

Monitoring messages in SNS#

The messages published to an SNS topic can be monitored to ensure sensitive information like personally identifiable information (PII) can be audited, masked, or blocked. This is done by using data protection policies.

Data protection policies use data identifiers—a collection of techniques and criteria, such as machine learning patterns—to scan messages for sensitive information. Amazon SNS provides us with premanaged data identifiers to detect PII and allows us to create custom identifiers according to our use case. When a message matches the criteria defined by a data identifier, SNS can be configured to take one of the following actions:

• Audit: This operation sends the message to the topic’s subscribers. However, SNS logs its findings in S3 buckets, Kinesis Data Firehose, or CloudWatch logs.

• De-identify: In this operation, sensitive information is masked or removed from the message before it is forwarded to the topic’s subscribers.

• Deny: In this operation, SNS blocks the Publish request from being processed or doesn’t forward the message it receives to the topic’s subscribers.

Create a topic in SNS#

Now that we have an idea of Amazon SNS and how it works, let’s look at the steps to create a topic in Amazon SNS using the AWS Management Console:

• First, log into the AWS Management Console and ensure you have the IAM permissions required to create an SNS topic and add subscribers.

• Then, use the search bar for “SNS” and select “Simple Notification Service” from the results.

• Select “Topics” from the sidebar on the SNS dashboard and then click the “Create topic” button to create a new topic.

• On the “Create topic” page, select the topic type as “Standard” and set the name to demo-sns-topic.

• Keep the default settings for all other options and click “Create topic.”

Once your topic is created, you can add subscribers by following the steps below. In this example, we’ll add an email subscriber to the topic and apply a filter policy to ensure only messages with the Destination field set to "Email" are sent to this subscriber:

• Select “Subscriptions” from the sidebar on the SNS dashboard and click “Create subscription.”

• Provide the ARN of your topic in the “Topic ARN” section. You can also select the ARN from the drop-down list.

• Set “Protocol” to “Email.”

• Provide a valid email address in the “Endpoint” field.

• Click the toggle button under “Subscription filter policy” to add a filter policy and select “Message body” as the filter policy scope.

• Add the following filter policy to ensure only messages where the Destination field is "Email" are delivered:

• Click “Create subscription.”

Best practices#

Some best practices we should keep in mind while working with Amazon SNS are given below:

• Naming FIFO topics: Always include the .fifo suffix in FIFO topic names (e.g., demo-topic.fifo).

• Topic naming conventions: Stick to alphanumeric characters, hyphens, and underscores for compatibility.

• IAM permissions: Follow the principle of least privilege, granting users and services only the minimum permissions necessary to perform their required tasks on your topics.

• Resource policies: Use resource policies to restrict who can publish messages to your topics.

• Logging and monitoring: Use CloudTrail logs to track API calls made to SNS for auditing and troubleshooting.

Use case: Processing objects uploaded in a bucket#

Let’s assume we want to receive an email notification whenever an object is uploaded to an S3 bucket. If the object being uploaded is an image, we want to add a watermark and extract any text that might be available in the image. These results will then be uploaded to another bucket.

We can build this application using Amazon SNS. Following is a high-level illustration of how these resources will work together to deploy this application in the AWS cloud:

The following steps are performed in the diagram given above:

• A user uploads an image in an S3 bucket.

• The S3 bucket generates an event and sends a message to an SNS topic. This message includes the bucket’s name, the key of the uploaded object (file), and its metadata.

• SNS fanouts this message to its email and Lambda function subscribers.

• The Lambda functions to receive the messages and do the following:

  • addWatermark: This function checks if the uploaded file is an image. If it is, the function uses image processing tools to add a watermark and uploads the watermarked image to another S3 bucket.

  • extractText: This function extracts any text from the uploaded file using tools like Amazon Textract (for text extraction) or Amazon Comprehend (for natural language processing). The extracted text is then converted into a PDF file and uploaded to another S3 bucket.

Final word#

Amazon SNS is a message delivery service provided by Amazon that uses the publish/subscribe model to deliver messages sent by a producer to subscribers. SNS supports subscriber endpoints like email, Lambda functions, and SQS queues. Amazon also allows us to create standard and FIFO topics, each with pros and cons.

We hope this blog has sparked your interest in Amazon SNS and its capabilities. Suppose you’re excited about simplifying your notification processes and automating workflows with SNS. In that case, we encourage you to experiment with different use cases, such as integrating SNS with Lambda or S3, exploring more complex scenarios like filtering messages, or setting up FIFO topics.

Our Cloud Labs are very popular among our learners because they provide a to-the-point, hands-on, right-sized learning experience without signing up for an AWS account. Happy learning!