    Amazon SNS

    Amazon Simple Notification Service (Amazon SNS) is an AWS web service that coordinates and manages the delivery of messages to subscribing endpoints or clients. Amazon SNS gives developers a highly scalable, flexible, and cost-effective way to publish messages from an application and immediately deliver them to subscribers or other applications. Amazon SNS follows the “publish-subscribe” (pub-sub) model, which is a form of asynchronous service-to-service communication used in serverless and microservices architectures.

    • Amazon SNS lets applications send time-critical messages to multiple subscribers through a “push” mechanism, eliminating the need to periodically check or “poll” for updates.
    • Using Amazon SNS topics, publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.
    • The Amazon SNS service supports a wide variety of customer needs, including event notification, monitoring applications, workflow systems, time-sensitive information updates, mobile applications, and any other application that generates or consumes notifications.
    • SNS supports AWS CloudTrail, an AWS service that records AWS API calls for customers' accounts and delivers log files to them. With CloudTrail, AWS customers can obtain a history of such information as the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by SNS.

    Table of Contents

    • SNS Features
    • SNS Simple API
    • SNS Topic
      • Video On Demand
      • AWS OPS Automator
      • AWS Answers
      • AWS Limit monitor
    • SNS transport protocols
    • API subscriptions list

    SNS Features

    Message fanout occurs when a message is sent to a topic and then replicated and pushed to multiple endpoints. Fanout provides asynchronous event notifications, which in turn allows for parallel processing. 

    • All messages published to Amazon SNS are stored redundantly across multiple geographically separated servers and data centers. 
    • Amazon SNS reliably delivers messages to all supported AWS endpoints, such as Amazon SQS queues and AWS Lambda functions.
    • Amazon SNS can filter and fan out events to the following destinations to support event-driven computing use cases:
      • Amazon Simple Queue Service
      • AWS Lambda
      • AWS Event Fork Pipelines
      • Webhook (HTTP/S)

    Amazon SNS provides encrypted topics to protect customers' messages from unauthorized and anonymous access. When customers publish messages to encrypted topics, Amazon SNS immediately encrypts those messages.

    • The messages are stored in encrypted form, and decrypted as they are delivered to subscribing endpoints (Amazon SQS queues, AWS Lambda functions, HTTP/S webhooks). 
    • Amazon SNS delivers messages to all supported AWS endpoints, such as Amazon SQS queues and AWS Lambda functions. In case the subscribed endpoint isn’t available, Amazon SNS executes message delivery retry policies and can also move messages to dead-letter queues (DLQ).

    AWS supports customers who want to use GPU scheduling, which allows them to specify the number and type of accelerators their jobs require as job definition input variables in AWS Batch.

    • A Graphics Processing Unit (GPU) is a processor designed to handle graphics operations. This includes both 2D and 3D calculations, though GPUs primarily excel at rendering 3D graphics.
    • AWS Batch will scale up instances appropriate for the customers' jobs based on the required number of GPUs and isolate the accelerators according to each job’s needs, so only the appropriate containers can access them.
    • All instance types in a compute environment that will run GPU jobs should be from the p2, p3, g3, g3s, or g4 instance families. If this is not done, a GPU job could get stuck in the RUNNABLE status.

    Message filtering empowers the subscriber to create a filter policy, so that it only gets the notifications it is interested in, as opposed to receiving every single message posted to the topic.  

    • Customers can monitor their Amazon SNS message filtering activity with Amazon CloudWatch and manage Amazon SNS filter policies with AWS CloudFormation.
    • With Amazon SNS message filtering, subscribing endpoints receive only the messages of interest, instead of all messages published to the topic. 
    • Amazon CloudWatch gives visibility into customers' filtering activity, and AWS CloudFormation enables customers to deploy subscription filter policies in an automated and secure manner.

    Amazon SNS uses cross availability zone message storage to provide high message durability. All messages published are stored redundantly across multiple geographically-separated servers and data centers. 

    • If the subscriber endpoint isn’t available, Amazon SNS executes a message delivery retry policy and can also move messages to dead-letter queues (DLQ). 

    Amazon SNS supports VPC Endpoints (VPCE) via AWS PrivateLink. AWS customers can use VPC Endpoints to privately publish messages to Amazon SNS topics, from an Amazon Virtual Private Cloud (VPC), without traversing the public internet. This feature brings additional security, helps promote data privacy, and aligns with assurance programs.

    • To use AWS PrivateLink, customers don’t need to set up an Internet Gateway (IGW), Network Address Translation (NAT) device, or Virtual Private Network (VPN) connection. You don’t need to use public IP addresses, either.
    • AWS customers can deploy Amazon VPC endpoints for Amazon SNS with AWS CloudFormation.

    Amazon SNS mobile notifications make it simple and cost effective to fanout mobile push notifications to iOS, Android, Fire OS, Windows and Baidu-based devices. 

    • AWS customers can also use SNS to fanout text messages (SMS) to 200+ countries and fanout email messages (SMTP).

    SNS Simple API

    Amazon SNS allows notifications over multiple transport protocols. Customers can select one of the following transports as part of the subscription request:

    • “HTTP”, “HTTPS” – Subscribers specify a URL as part of the subscription registration; notifications will be delivered through an HTTP POST to the specified URL.
    • “Email”, “Email-JSON” – Messages are sent to registered addresses as email. Email-JSON sends notifications as a JSON object, while Email sends text-based email.
    • “SQS” – Users can specify an SQS standard queue as the endpoint; Amazon SNS will enqueue a notification message to the specified queue (which subscribers can then process using SQS APIs such as ReceiveMessage, DeleteMessage, etc.). Note that FIFO queues are not currently supported.
    • “SMS” – Messages are sent to registered phone numbers as SMS text messages.

    Amazon SNS provides a set of simple APIs to enable event notifications for topic owners, subscribers and publishers.

    Owner operations:

    • CreateTopic:- Create a new topic.
    • DeleteTopic:- Delete a previously created topic.
    • ListTopics:- List of topics owned by a particular user (AWS ID).
    • ListSubscriptionsByTopic:- List of subscriptions for a particular topic
    • SetTopicAttributes:- Set/modify topic attributes, including setting and modifying publisher/subscriber permissions, transports supported, etc.
    • GetTopicAttributes:- Get/view existing attributes of a topic
    • AddPermission:- Grant access to selected users for the specified actions
    • RemovePermission:- Remove permissions for selected users for the specified actions

    Subscriber operations:

    • Subscribe:- Register a new subscription on a particular topic, which will generate a confirmation message from Amazon SNS
    • ConfirmSubscription:- Respond to a subscription confirmation message, confirming the subscription request to receive notifications from the subscribed topic
    • Unsubscribe:- Cancel a previously registered subscription
    • ListSubscriptions:- List subscriptions owned by a particular user (AWS ID)

    Publisher operations:

    • Publish:- Publish a new message to the topic.

    SNS Topic

    AWS Batch can be integrated with commercial and open-source workflow engines and languages such as Pegasus WMS, Luigi, Nextflow, Metaflow, Apache Airflow, and AWS Step Functions, enabling you to use familiar workflow languages to model your batch computing pipelines.

    Video On Demand

    Videos on Demand on AWS is a reference implementation that automatically provisions the AWS services necessary to build a scalable, distributed video-on-demand workflow. 

    • The solution leverages Amazon CloudWatch to monitor log files and sends Amazon SNS notifications for encoding, publishing, and errors.

    AWS OPS Automator

    The AWS Ops Automator is a customizable solution designed to provide a core framework for automated tasks, allowing customers to focus on extending functionality rather than managing underlying infrastructure operations. 

    • Warning and error messages are published to a solution-created Amazon SNS topic which sends messages to a subscribed email address.

    AWS Answers

    AWS Answers is a repository of instructional documents and solutions developed by AWS Solutions Architects to help customers build and grow their businesses on the AWS Cloud.

    • The AWS Well-Architected Framework provides a consistent approach for customers and partners to evaluate architectures, which includes operational excellence, security, reliability, performance efficiency, and cost optimization.

    AWS Limit monitor

    The AWS Limit Monitor enables tracking of service usage against quotas. With this easy-to-deploy solution, customers can audit the usage and make informed decisions regarding resources. 

    • If actual usage exceeds 80% of a given service quota, AWS Lambda publishes a message to the Amazon SNS topic which is sent to an email address you specify during setup.

    SNS transport protocols

    The notification message sent by Amazon SNS for deliveries over the HTTP, HTTPS, Email-JSON and SQS transport protocols consists of a simple JSON object with fields such as:

    • MessageId: A Universally Unique Identifier, unique for each notification published.
    • Timestamp: The time (in GMT) at which the notification was published.
    • TopicArn: The topic to which this message was published
    • Type: The type of the delivery message, set to “Notification” for notification deliveries.
    • UnsubscribeURL: A link to unsubscribe the end-point from this topic, and prevent receiving any further notifications.
    • Message: The payload (body) of the message, as received from the publisher.
    • Subject: The Subject field – if one was included as an optional parameter to the publish API call along with the message.
    • Signature: Base64-encoded “SHA1withRSA” signature of the Message, MessageId, Subject (if present), Type, Timestamp, and Topic values.
    • SignatureVersion: Version of the Amazon SNS signature used.

    Notification messages sent over the “Email” transport only contain the payload (message body) as received from the publisher.
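
    How a subscriber can check the Signature field before trusting a notification, as an added example that is not part of the original page. It assumes SignatureVersion "1" and the string-to-sign order from AWS's SNS documentation; the key is a constructed demo key standing in for the public key of the SNS signing certificate, and a production endpoint would use a vetted crypto library rather than this hand-written RSA check.

```python
import base64
import hashlib

# Fields SNS signs for a "Notification", in this order; Subject only if present.
SIGNED_FIELDS = ("Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type")
# DER DigestInfo prefix for SHA-1 (RFC 8017, EMSA-PKCS1-v1_5).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
# Constructed demo key built from two Mersenne primes (assumption, not an AWS key).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))


def string_to_sign(msg):
    """Canonical form: each signed field's name, newline, value, newline."""
    return "".join(f"{k}\n{msg[k]}\n" for k in SIGNED_FIELDS if k in msg).encode()


def _encode(data, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-1(data) for a k-byte modulus."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_notification(msg, n, e):
    """True only if msg["Signature"] is a valid SHA1withRSA signature under (n, e)."""
    if msg.get("Type") != "Notification" or msg.get("SignatureVersion") != "1":
        return False
    k = (n.bit_length() + 7) // 8
    try:
        sig = base64.b64decode(msg["Signature"], validate=True)
    except (KeyError, TypeError, ValueError):
        return False
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == _encode(string_to_sign(msg), k)


def sign_sample(msg):
    """Sign a constructed message with the demo key (stands in for SNS)."""
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(_encode(string_to_sign(msg), k), "big")
    return base64.b64encode(pow(em, D, N).to_bytes(k, "big")).decode()


# Constructed sample notification (all values are placeholders).
SAMPLE = {"Type": "Notification", "MessageId": "00000000-0000-0000-0000-000000000000",
          "TopicArn": "arn:aws:sns:us-east-1:111122223333:example-topic",
          "Message": "disk usage above 80%", "Timestamp": "2021-01-01T00:00:00.000Z",
          "SignatureVersion": "1"}
SAMPLE["Signature"] = sign_sample(SAMPLE)
```

    Changing any signed field, or adding a Subject that was not present when the message was signed, makes verify_notification return False.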

    API subscriptions list

    There are two APIs to list subscriptions, which perform different functions and return different results:

    • The ListSubscriptionsByTopic API allows a topic owner to see the list of all subscribers actively registered to a topic.
    • The ListSubscriptions API allows a user to get a list of all their active subscriptions (to one or more topics).

    Subscribers can be unsubscribed either by the topic owner, the subscription owner or others depending on how it was set up.

    • A subscription that was confirmed with the AuthenticateOnUnsubscribe flag set to True in the call to the ConfirmSubscription API call can only be unsubscribed by a topic owner or the subscription owner.
    • If the subscription was confirmed anonymously without the AuthenticateOnUnsubscribe flag set to True, then it can be anonymously unsubscribed.

    In all cases except when unsubscribed by the subscription owner, a final cancellation message will be sent to the end-point, allowing the endpoint owner to easily re-subscribe to the topic (if the Unsubscribe request was unintended or in error). 

    As part of the subscription registration, Amazon SNS will ensure that notifications are only sent to valid, registered subscribers/end-points. To prevent spam and ensure that a subscriber end-point is really interested in receiving notifications from a particular topic, Amazon SNS requires an explicit opt-in from subscribers using a 2-part handshake:

    1. When a user first calls the Subscribe API and subscribes an end-point, Amazon SNS will send a confirmation message to the specified end-point.
    2. On receiving the confirmation message at the end-point, the subscriber should confirm the subscription request by sending a valid response. 

    Only then will Amazon SNS consider the subscription request to be valid. If there is no response to the challenge, Amazon SNS will not send any notifications to that end-point. The exact mechanism of confirming the subscription varies by the transport protocol selected:

    • For HTTP/HTTPS notifications, Amazon SNS will first POST the confirmation message (containing a token) to the specified URL. The application monitoring the URL will have to call the ConfirmSubscription API with the included token.
    • For Email and Email-JSON notifications, Amazon SNS will send an email to the specified address containing an embedded link. The user will need to click on the embedded link to confirm the subscription request.
    • For SQS notifications, Amazon SNS will enqueue a challenge message containing a token to the specified queue. The application monitoring the queue will have to call the ConfirmSubscription API with the token.

    Note: The explicit “opt-in” steps described above are not required for the specific case where you subscribe your Amazon SQS queue to your Amazon SNS topic – and both are “owned” by the same AWS account.
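
    The HTTP/S side of the handshake described above, as an added example that is not part of the original page: the endpoint confirms only for topics it expects and sets AuthenticateOnUnsubscribe so the subscription cannot be unsubscribed anonymously. The function name, allowlist and sample messages are hypothetical; confirm is assumed to be a callable with the keyword arguments of boto3's SNS confirm_subscription.

```python
import json

# Constructed allowlist and sample deliveries (placeholders, not real resources).
ALLOWED_TOPICS = {"arn:aws:sns:us-east-1:111122223333:example-topic"}
CONFIRMATION = json.dumps({
    "Type": "SubscriptionConfirmation",
    "TopicArn": "arn:aws:sns:us-east-1:111122223333:example-topic",
    "Token": "constructed-token",
})
UNEXPECTED = json.dumps({
    "Type": "SubscriptionConfirmation",
    "TopicArn": "arn:aws:sns:us-east-1:999999999999:someone-elses-topic",
    "Token": "constructed-token",
})


def handle_sns_post(body, allowed_topics, confirm):
    """Handle one POST from SNS; returns 'confirmed', 'notification' or 'rejected'.

    A production endpoint also verifies the message Signature before acting.
    """
    try:
        msg = json.loads(body)
    except ValueError:
        return "rejected"
    if not isinstance(msg, dict):
        return "rejected"
    topic, kind, token = msg.get("TopicArn"), msg.get("Type"), msg.get("Token")
    # Never opt in to, or accept messages from, a topic we did not subscribe to.
    if not isinstance(topic, str) or topic not in allowed_topics:
        return "rejected"
    if kind == "SubscriptionConfirmation" and isinstance(token, str) and token:
        # Step 2 of the handshake: echo the token back through ConfirmSubscription.
        confirm(TopicArn=topic, Token=token, AuthenticateOnUnsubscribe="true")
        return "confirmed"
    if kind == "Notification":
        return "notification"
    return "rejected"
```

    With boto3, confirm would be the confirm_subscription method of an SNS client created with credentials for the subscribing account.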

    © 2021