
sns

itsmostafa
1.0k
itsmostafa/aws-agent-skills/skills/sns
72
Agent Score

💡 Summary

A comprehensive guide and helper for using AWS Simple Notification Service (SNS) for pub/sub messaging, including topic management, subscriptions, and message publishing.

🎯 Target Audience

Cloud Engineers, DevOps Practitioners, Backend Developers, Solutions Architects, SREs

🤖 AI Roast: This skill is essentially a well-organized AWS CLI manual, offering great utility but zero innovation beyond repackaging existing documentation.

Security Analysis: Low Risk

The skill requires AWS credentials with SNS permissions, posing a risk of privilege escalation if compromised. It may facilitate sending notifications to arbitrary endpoints (SMS, email, HTTP). Mitigation: Use IAM roles with least-privilege policies and audit SNS topic policies regularly.


name: sns
description: AWS SNS notification service for pub/sub messaging. Use when creating topics, managing subscriptions, configuring message filtering, sending notifications, or setting up mobile push.
last_updated: "2026-01-07"
doc_source: https://docs.aws.amazon.com/sns/latest/dg/

AWS SNS

Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service for application-to-application (A2A) and application-to-person (A2P) communication.

Core Concepts

Topics

Named channels for publishing messages. Publishers send to topics, subscribers receive from topics.

Topic Types

| Type | Description | Use Case |
|------|-------------|----------|
| Standard | Best-effort ordering, at-least-once | Most use cases |
| FIFO | Strict ordering, exactly-once | Order-sensitive |

Subscription Protocols

| Protocol | Description |
|----------|-------------|
| Lambda | Invoke Lambda function |
| SQS | Send to SQS queue |
| HTTP/HTTPS | POST to endpoint |
| Email | Send email |
| SMS | Send text message |
| Application | Mobile push notification |

Message Filtering

Route messages to specific subscribers based on message attributes.

Common Patterns

Create Topic and Subscribe

AWS CLI:

```bash
# Create standard topic
aws sns create-topic --name my-topic

# Create FIFO topic
aws sns create-topic \
  --name my-topic.fifo \
  --attributes FifoTopic=true

# Subscribe Lambda
aws sns subscribe \
  --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \
  --protocol lambda \
  --notification-endpoint arn:aws:lambda:us-east-1:123456789012:function:my-function

# Subscribe SQS
aws sns subscribe \
  --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \
  --protocol sqs \
  --notification-endpoint arn:aws:sqs:us-east-1:123456789012:my-queue

# Subscribe email
aws sns subscribe \
  --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \
  --protocol email \
  --notification-endpoint user@example.com
```

boto3:

```python
import boto3

sns = boto3.client('sns')

# Create topic
response = sns.create_topic(Name='my-topic')
topic_arn = response['TopicArn']

# Subscribe Lambda
sns.subscribe(
    TopicArn=topic_arn,
    Protocol='lambda',
    Endpoint='arn:aws:lambda:us-east-1:123456789012:function:my-function'
)

# Subscribe SQS with filter
sns.subscribe(
    TopicArn=topic_arn,
    Protocol='sqs',
    Endpoint='arn:aws:sqs:us-east-1:123456789012:order-queue',
    Attributes={
        'FilterPolicy': '{"event_type": ["order_created", "order_updated"]}'
    }
)
```

Publish Messages

```python
import boto3
import json

sns = boto3.client('sns')
topic_arn = 'arn:aws:sns:us-east-1:123456789012:my-topic'

# Simple publish
sns.publish(
    TopicArn=topic_arn,
    Message='Hello, World!',
    Subject='Notification'
)

# Publish with attributes (for filtering)
sns.publish(
    TopicArn=topic_arn,
    Message=json.dumps({'order_id': '12345', 'status': 'created'}),
    MessageAttributes={
        'event_type': {
            'DataType': 'String',
            'StringValue': 'order_created'
        },
        'priority': {
            'DataType': 'Number',
            'StringValue': '1'
        }
    }
)

# Publish to FIFO topic
sns.publish(
    TopicArn='arn:aws:sns:us-east-1:123456789012:my-topic.fifo',
    Message=json.dumps({'order_id': '12345'}),
    MessageGroupId='order-12345',
    MessageDeduplicationId='unique-id'
)
```

Message Filtering

```bash
# Add filter policy to subscription
aws sns set-subscription-attributes \
  --subscription-arn arn:aws:sns:us-east-1:123456789012:my-topic:abc123 \
  --attribute-name FilterPolicy \
  --attribute-value '{
    "event_type": ["order_created"],
    "priority": [{"numeric": [">=", 1]}]
  }'
```

Filter policy examples:

```json
// Exact match
{"event_type": ["order_created", "order_updated"]}

// Prefix match
{"customer_id": [{"prefix": "PREMIUM-"}]}

// Numeric comparison
{"price": [{"numeric": [">=", 100, "<=", 500]}]}

// Exists check
{"customer_id": [{"exists": true}]}

// Anything but
{"event_type": [{"anything-but": ["deleted"]}]}

// Combined
{
  "event_type": ["order_created"],
  "region": ["us-east", "us-west"],
  "priority": [{"numeric": [">=", 1]}]
}
```

Fan-Out Pattern (SNS to Multiple SQS)

```python
import boto3
import json

sns = boto3.client('sns')
sqs = boto3.client('sqs')

# Create topic
topic = sns.create_topic(Name='orders-topic')
topic_arn = topic['TopicArn']

# Create queues for different processors
queues = {
    'analytics': sqs.create_queue(QueueName='order-analytics')['QueueUrl'],
    'fulfillment': sqs.create_queue(QueueName='order-fulfillment')['QueueUrl'],
    'notification': sqs.create_queue(QueueName='order-notification')['QueueUrl']
}

# Subscribe each queue.
# Each queue also needs a queue policy that allows sqs:SendMessage from this
# topic before deliveries succeed (see "SQS Not Receiving from SNS").
for name, queue_url in queues.items():
    queue_arn = sqs.get_queue_attributes(
        QueueUrl=queue_url,
        AttributeNames=['QueueArn']
    )['Attributes']['QueueArn']

    sns.subscribe(
        TopicArn=topic_arn,
        Protocol='sqs',
        Endpoint=queue_arn
    )

# One publish reaches all queues
sns.publish(
    TopicArn=topic_arn,
    Message=json.dumps({'order_id': '12345', 'total': 99.99})
)
```

Lambda Permission for SNS

```bash
aws lambda add-permission \
  --function-name my-function \
  --statement-id sns-trigger \
  --action lambda:InvokeFunction \
  --principal sns.amazonaws.com \
  --source-arn arn:aws:sns:us-east-1:123456789012:my-topic
```

CLI Reference

Topic Management

| Command | Description |
|---------|-------------|
| aws sns create-topic | Create topic |
| aws sns delete-topic | Delete topic |
| aws sns list-topics | List topics |
| aws sns get-topic-attributes | Get topic settings |
| aws sns set-topic-attributes | Update topic settings |

Subscriptions

| Command | Description |
|---------|-------------|
| aws sns subscribe | Create subscription |
| aws sns unsubscribe | Remove subscription |
| aws sns list-subscriptions | List all subscriptions |
| aws sns list-subscriptions-by-topic | List topic subscriptions |
| aws sns confirm-subscription | Confirm pending subscription |

Publishing

| Command | Description |
|---------|-------------|
| aws sns publish | Publish message |

Best Practices

Reliability

  • Use SQS for durability — SNS is push-based, SQS queues messages
  • Implement retries for HTTP/HTTPS endpoints
  • Configure DLQ for failed deliveries
  • Use FIFO topics for ordering requirements

Security

  • Use topic policies to control access
  • Enable encryption with SSE
  • Use VPC endpoints for private access

```bash
# Enable SSE
aws sns set-topic-attributes \
  --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \
  --attribute-name KmsMasterKeyId \
  --attribute-value alias/my-key
```

Cost Optimization

  • Use message filtering to reduce unnecessary deliveries
  • Batch operations where possible
  • Monitor and clean up unused topics/subscriptions

Message Design

  • Keep messages small (256 KB limit)
  • Use message attributes for routing
  • Include correlation IDs for tracing

Troubleshooting

Subscription Not Receiving Messages

Check:

  1. Subscription is confirmed (not pending)
  2. Filter policy matches message attributes
  3. Target permissions (Lambda, SQS)

```bash
# Check subscription status
aws sns list-subscriptions-by-topic \
  --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic

# Check subscription attributes
aws sns get-subscription-attributes \
  --subscription-arn arn:aws:sns:us-east-1:123456789012:my-topic:abc123
```

HTTP Endpoint Not Working

Debug:

```bash
# Set the HTTP delivery retry policy on the topic (3 retries, 20 seconds apart)
aws sns set-topic-attributes \
  --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \
  --attribute-name DeliveryPolicy \
  --attribute-value '{
    "http": {
      "defaultHealthyRetryPolicy": {
        "minDelayTarget": 20,
        "maxDelayTarget": 20,
        "numRetries": 3,
        "numMaxDelayRetries": 0,
        "numNoDelayRetries": 0,
        "numMinDelayRetries": 0,
        "backoffFunction": "linear"
      }
    }
  }'
```

Messages Not Matching Filter

Verify:

  • Message attributes are set (not in body)
  • Attribute types match (String vs Number)
  • Filter policy syntax is correct

```python
import json
import boto3

sns = boto3.client('sns')
topic_arn = 'arn:aws:sns:us-east-1:123456789012:my-topic'

# Correct: attributes must be message attributes
sns.publish(
    TopicArn=topic_arn,
    Message='body content',
    MessageAttributes={
        'event_type': {
            'DataType': 'String',
            'StringValue': 'order_created'  # This is filtered
        }
    }
)

# Wrong: this won't be filtered
sns.publish(
    TopicArn=topic_arn,
    Message=json.dumps({'event_type': 'order_created'})  # Not filtered
)
```
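The three checks above can be run offline before publishing. The following is an added example, not part of the original skill or of AWS tooling: a simplified local model of attribute-based filter matching for scalar attributes, where `explain` and the sample constants are hypothetical names. It returns the policy keys that would reject a message.

```python
import json
import operator

NUMERIC_OPS = {"=": operator.eq, ">": operator.gt, ">=": operator.ge,
               "<": operator.lt, "<=": operator.le}

def _rule_matches(rule, attr):
    """Evaluate one policy value against one message attribute (None if absent)."""
    if isinstance(rule, dict) and "exists" in rule:
        return (attr is not None) == rule["exists"]
    if attr is None:
        return False
    is_number = attr["DataType"].startswith("Number")
    value = float(attr["StringValue"]) if is_number else attr["StringValue"]
    if isinstance(rule, str):            # exact string match needs a String attribute
        return not is_number and value == rule
    if isinstance(rule, (int, float)):   # exact numeric match needs a Number attribute
        return is_number and value == rule
    if "prefix" in rule:
        return not is_number and value.startswith(rule["prefix"])
    if "anything-but" in rule:
        blocked = rule["anything-but"]
        return value not in (blocked if isinstance(blocked, list) else [blocked])
    if "numeric" in rule:                # [">=", 100, "<=", 500] is read as pairs
        terms = rule["numeric"]
        return is_number and all(NUMERIC_OPS[op](value, bound)
                                 for op, bound in zip(terms[::2], terms[1::2]))
    raise ValueError(f"unsupported filter rule: {rule!r}")

def explain(filter_policy, message_attributes):
    """Return the policy keys that reject the message (empty list means it matches)."""
    policy = json.loads(filter_policy) if isinstance(filter_policy, str) else filter_policy
    return [key for key, rules in policy.items()
            if not any(_rule_matches(r, message_attributes.get(key)) for r in rules)]

# Constructed inputs: the page's two-key policy and three publish variants.
POLICY = '{"event_type": ["order_created"], "priority": [{"numeric": [">=", 1]}]}'
GOOD = {"event_type": {"DataType": "String", "StringValue": "order_created"},
        "priority": {"DataType": "Number", "StringValue": "1"}}
BODY_ONLY = {}  # event_type was put in the JSON body, so no MessageAttributes exist
WRONG_TYPE = dict(GOOD, priority={"DataType": "String", "StringValue": "1"})

if __name__ == "__main__":
    for name, attrs in (("good", GOOD), ("body only", BODY_ONLY), ("wrong type", WRONG_TYPE)):
        print(name, "rejected by:", explain(POLICY, attrs) or "nothing")
```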

SQS Not Receiving from SNS

Check SQS queue policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"Service": "sns.amazonaws.com"},
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-east-1:123456789012:my-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:123456789012:my-topic"
        }
      }
    }
  ]
}
```
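The `aws:SourceArn` condition is what keeps this grant limited to one topic; without it, any SNS topic could send to the queue. As an added example (not part of the original skill), the offline check below flags Allow statements in a queue or topic policy that name a wildcard or service principal with no source-scoping condition. `audit_policy` and the list of scoping keys are assumptions of this sketch.

```python
import json

# Condition keys treated as scoping a broad principal (assumed list for this check).
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:sourceowner", "aws:principalorgid"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_broad(principal):
    """True for "*", {"AWS": "*"} and any service principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", [])) or "Service" in principal
    return False

def _has_scoping_condition(statement):
    # Only the presence of a key is checked; values and negated operators are not evaluated.
    return any(key.lower() in SCOPING_KEYS
               for keys in statement.get("Condition", {}).values() for key in keys)

def audit_policy(policy_json):
    """Return one finding per Allow statement open to a broad principal with no source scoping."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_broad(stmt.get("Principal")):
            continue
        if not _has_scoping_condition(stmt):
            findings.append(f"statement {stmt.get('Sid', index)}: "
                            f"{json.dumps(stmt['Principal'])} allowed without a source condition")
    return findings

# The queue policy from this page (scoped by aws:SourceArn).
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"},
    "Action": "sqs:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:123456789012:my-queue",
    "Condition": {"ArnEquals": {
        "aws:SourceArn": "arn:aws:sns:us-east-1:123456789012:my-topic"}}}]})

# Constructed counter-example: the same grant with the Condition block dropped.
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "open", "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"},
    "Action": "sqs:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:123456789012:my-queue"}]})

if __name__ == "__main__":
    print(audit_policy(SCOPED), audit_policy(UNSCOPED))
```

The same function accepts the `Policy` string returned by `aws sns get-topic-attributes` or `aws sqs get-queue-attributes`.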

5-Dim Analysis

  • Clarity: 8/10
  • Novelty: 2/10
  • Utility: 9/10
  • Completeness: 9/10
  • Maintainability: 8/10

Pros & Cons

Pros

  • Extensive coverage of SNS concepts and operations.
  • Clear examples for both CLI and boto3 (Python SDK).
  • Includes practical patterns like fan-out and troubleshooting guides.

Cons

  • Lacks any novel implementation or automation beyond standard AWS tooling.
  • No interactive or agent-specific functionality is demonstrated.
  • Heavily reliant on user having pre-configured AWS credentials and knowledge.

Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author itsmostafa.