💡 Summary
A comprehensive guide and helper for using AWS Simple Notification Service (SNS) for pub/sub messaging, including topic management, subscriptions, and message publishing.
🎯 Target Audience
🤖 AI Roast: “This skill is essentially a well-organized AWS CLI manual, offering great utility but zero innovation beyond repackaging existing documentation.”
The skill requires AWS credentials with SNS permissions, posing a risk of privilege escalation if compromised. It may facilitate sending notifications to arbitrary endpoints (SMS, email, HTTP). Mitigation: Use IAM roles with least-privilege policies and audit SNS topic policies regularly.
name: sns description: AWS SNS notification service for pub/sub messaging. Use when creating topics, managing subscriptions, configuring message filtering, sending notifications, or setting up mobile push. last_updated: "2026-01-07" doc_source: https://docs.aws.amazon.com/sns/latest/dg/
AWS SNS
Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service for application-to-application (A2A) and application-to-person (A2P) communication.
Table of Contents
Core Concepts
Topics
Named channels for publishing messages. Publishers send to topics, subscribers receive from topics.
Topic Types
| Type | Description | Use Case | |------|-------------|----------| | Standard | Best-effort ordering, at-least-once | Most use cases | | FIFO | Strict ordering, exactly-once | Order-sensitive |
Subscription Protocols
| Protocol | Description | |----------|-------------| | Lambda | Invoke Lambda function | | SQS | Send to SQS queue | | HTTP/HTTPS | POST to endpoint | | Email | Send email | | SMS | Send text message | | Application | Mobile push notification |
Message Filtering
Route messages to specific subscribers based on message attributes.
Common Patterns
Create Topic and Subscribe
AWS CLI:
# Create standard topic aws sns create-topic --name my-topic # Create FIFO topic aws sns create-topic \ --name my-topic.fifo \ --attributes FifoTopic=true # Subscribe Lambda aws sns subscribe \ --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \ --protocol lambda \ --notification-endpoint arn:aws:lambda:us-east-1:123456789012:function:my-function # Subscribe SQS aws sns subscribe \ --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \ --protocol sqs \ --notification-endpoint arn:aws:sqs:us-east-1:123456789012:my-queue # Subscribe email aws sns subscribe \ --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \ --protocol email \ --notification-endpoint user@example.com
boto3:
import boto3 sns = boto3.client('sns') # Create topic response = sns.create_topic(Name='my-topic') topic_arn = response['TopicArn'] # Subscribe Lambda sns.subscribe( TopicArn=topic_arn, Protocol='lambda', Endpoint='arn:aws:lambda:us-east-1:123456789012:function:my-function' ) # Subscribe SQS with filter sns.subscribe( TopicArn=topic_arn, Protocol='sqs', Endpoint='arn:aws:sqs:us-east-1:123456789012:order-queue', Attributes={ 'FilterPolicy': '{"event_type": ["order_created", "order_updated"]}' } )
Publish Messages
import boto3 import json sns = boto3.client('sns') topic_arn = 'arn:aws:sns:us-east-1:123456789012:my-topic' # Simple publish sns.publish( TopicArn=topic_arn, Message='Hello, World!', Subject='Notification' ) # Publish with attributes (for filtering) sns.publish( TopicArn=topic_arn, Message=json.dumps({'order_id': '12345', 'status': 'created'}), MessageAttributes={ 'event_type': { 'DataType': 'String', 'StringValue': 'order_created' }, 'priority': { 'DataType': 'Number', 'StringValue': '1' } } ) # Publish to FIFO topic sns.publish( TopicArn='arn:aws:sns:us-east-1:123456789012:my-topic.fifo', Message=json.dumps({'order_id': '12345'}), MessageGroupId='order-12345', MessageDeduplicationId='unique-id' )
Message Filtering
# Add filter policy to subscription aws sns set-subscription-attributes \ --subscription-arn arn:aws:sns:us-east-1:123456789012:my-topic:abc123 \ --attribute-name FilterPolicy \ --attribute-value '{ "event_type": ["order_created"], "priority": [{"numeric": [">=", 1]}] }'
Filter policy examples:
// Exact match {"event_type": ["order_created", "order_updated"]} // Prefix match {"customer_id": [{"prefix": "PREMIUM-"}]} // Numeric comparison {"price": [{"numeric": [">=", 100, "<=", 500]}]} // Exists check {"customer_id": [{"exists": true}]} // Anything but {"event_type": [{"anything-but": ["deleted"]}]} // Combined { "event_type": ["order_created"], "region": ["us-east", "us-west"], "priority": [{"numeric": [">=", 1]}] }
Fan-Out Pattern (SNS to Multiple SQS)
import boto3 import json sns = boto3.client('sns') sqs = boto3.client('sqs') # Create topic topic = sns.create_topic(Name='orders-topic') topic_arn = topic['TopicArn'] # Create queues for different processors queues = { 'analytics': sqs.create_queue(QueueName='order-analytics')['QueueUrl'], 'fulfillment': sqs.create_queue(QueueName='order-fulfillment')['QueueUrl'], 'notification': sqs.create_queue(QueueName='order-notification')['QueueUrl'] } # Subscribe each queue for name, queue_url in queues.items(): queue_arn = sqs.get_queue_attributes( QueueUrl=queue_url, AttributeNames=['QueueArn'] )['Attributes']['QueueArn'] sns.subscribe( TopicArn=topic_arn, Protocol='sqs', Endpoint=queue_arn ) # One publish reaches all queues sns.publish( TopicArn=topic_arn, Message=json.dumps({'order_id': '12345', 'total': 99.99}) )
Lambda Permission for SNS
aws lambda add-permission \ --function-name my-function \ --statement-id sns-trigger \ --action lambda:InvokeFunction \ --principal sns.amazonaws.com \ --source-arn arn:aws:sns:us-east-1:123456789012:my-topic
CLI Reference
Topic Management
| Command | Description |
|---------|-------------|
| aws sns create-topic | Create topic |
| aws sns delete-topic | Delete topic |
| aws sns list-topics | List topics |
| aws sns get-topic-attributes | Get topic settings |
| aws sns set-topic-attributes | Update topic settings |
Subscriptions
| Command | Description |
|---------|-------------|
| aws sns subscribe | Create subscription |
| aws sns unsubscribe | Remove subscription |
| aws sns list-subscriptions | List all subscriptions |
| aws sns list-subscriptions-by-topic | List topic subscriptions |
| aws sns confirm-subscription | Confirm pending subscription |
Publishing
| Command | Description |
|---------|-------------|
| aws sns publish | Publish message |
Best Practices
Reliability
- Use SQS for durability — SNS is push-based, SQS queues messages
- Implement retries for HTTP/HTTPS endpoints
- Configure DLQ for failed deliveries
- Use FIFO topics for ordering requirements
Security
- Use topic policies to control access
- Enable encryption with SSE
- Use VPC endpoints for private access
# Enable SSE aws sns set-topic-attributes \ --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \ --attribute-name KmsMasterKeyId \ --attribute-value alias/my-key
Cost Optimization
- Use message filtering to reduce unnecessary deliveries
- Batch operations where possible
- Monitor and clean up unused topics/subscriptions
Message Design
- Keep messages small (256 KB limit)
- Use message attributes for routing
- Include correlation IDs for tracing
Troubleshooting
Subscription Not Receiving Messages
Check:
- Subscription is confirmed (not pending)
- Filter policy matches message attributes
- Target permissions (Lambda, SQS)
# Check subscription status aws sns list-subscriptions-by-topic \ --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic # Check subscription attributes aws sns get-subscription-attributes \ --subscription-arn arn:aws:sns:us-east-1:123456789012:my-topic:abc123
HTTP Endpoint Not Working
Debug:
# Check delivery status logging aws sns set-topic-attributes \ --topic-arn arn:aws:sns:us-east-1:123456789012:my-topic \ --attribute-name DeliveryPolicy \ --attribute-value '{ "http": { "defaultHealthyRetryPolicy": { "minDelayTarget": 20, "maxDelayTarget": 20, "numRetries": 3, "numMaxDelayRetries": 0, "numNoDelayRetries": 0, "numMinDelayRetries": 0, "backoffFunction": "linear" } } }'
Messages Not Matching Filter
Verify:
- Message attributes are set (not in body)
- Attribute types match (String vs Number)
- Filter policy syntax is correct
# Correct: attributes must be message attributes sns.publish( TopicArn=topic_arn, Message='body content', MessageAttributes={ 'event_type': { 'DataType': 'String', 'StringValue': 'order_created' # This is filtered } } ) # Wrong: this won't be filtered sns.publish( TopicArn=topic_arn, Message=json.dumps({'event_type': 'order_created'}) # Not filtered )
SQS Not Receiving from SNS
Check SQS queue policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"}, "Action": "sqs:SendMessage", "Resource": "arn:aws:sqs:us-east-1:123456789012:my-queue", "Condition": { "ArnEquals": { "aws:SourceArn": "arn:aws:sns:us-east-1:123456789012:my-topic" } } } ] }
References
Pros
- Extensive coverage of SNS concepts and operations.
- Clear examples for both CLI and boto3 (Python SDK).
- Includes practical patterns like fan-out and troubleshooting guides.
Cons
- Lacks any novel implementation or automation beyond standard AWS tooling.
- No interactive or agent-specific functionality is demonstrated.
- Heavily reliant on user having pre-configured AWS credentials and knowledge.
Related Skills
using-firebase
A“The README suggests managing secrets and deploying functions, which poses risks of exposing sensitive data if not handled properly. Use environment variables and secure storage sol”
kcli
A“This tool is like a Swiss Army knife for virtualization, but don’t expect it to fix your coffee machine.”
Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.
Copyright belongs to the original author itsmostafa.