AWS Simple Notification Service – SNS

Simple Notification Service – SNS

  • Simple Notification Service – SNS is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients.
  • SNS provides the ability to create a Topic which is a logical access point and communication channel.
  • Each topic has a unique name that identifies the SNS endpoint for publishers to post messages and subscribers to register for notifications.
  • Publishers (producers) communicate asynchronously with subscribers (consumers) by producing and sending a message to a topic.
  • Producers push messages to a topic they created or have access to, and SNS matches the topic to the list of subscribers who have subscribed to it and delivers the message to each of those subscribers.
  • Subscribers receive all messages published to the topics to which they subscribe, and all subscribers to a topic receive the same messages.
  • Subscribers (i.e., web servers, email addresses, SQS queues, AWS Lambda functions) consume or receive the message or notification over one of the supported protocols (i.e., SQS, HTTP/S, email, SMS, Lambda) when they are subscribed to the topic.
  • SNS supports two types of topics:
    • Standard topics – provide best-effort message ordering and at-least-once delivery. Support up to 100,000 topics and 12.5 million subscriptions per topic.
    • FIFO topics – provide strict message ordering, exactly-once message delivery, and message deduplication. Support up to 1,000 topics and 100 subscriptions per topic.

Accessing SNS

  • AWS Management Console
    • AWS Management Console is the web-based user interface that can be used to manage SNS
  • AWS Command-line Interface (CLI)
    • Provides commands for a broad set of AWS products, and is supported on Windows, Mac, and Linux.
  • AWS Tools for Windows PowerShell
    • Provides commands for a broad set of AWS products for those who script in the PowerShell environment
  • AWS SNS Query API
    • Query API requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action
  • AWS SDK libraries
    • AWS provides libraries in various languages which provide basic functions that automate tasks such as cryptographically signing your requests, retrying requests, and handling error responses

SNS Supported Transport Protocols

  • HTTP, HTTPS – Subscribers specify a URL as part of the subscription registration; notifications will be delivered through an HTTP POST to the specified URL.
  • Email, Email-JSON – Messages are sent to registered addresses as email. Email-JSON sends notifications as a JSON object, while Email sends text-based email.
  • SQS – Users can specify an SQS queue as the endpoint; SNS will enqueue a notification message to the specified queue (which subscribers can then process using SQS APIs such as ReceiveMessage, DeleteMessage, etc.)
  • SMS – Messages are sent to registered phone numbers as SMS text messages.
    • Note: As of September 2024, Amazon SNS delivers SMS text messages via AWS End User Messaging. Existing SNS SMS APIs continue to work, but new phone numbers requested after Sept 24, 2024 require explicit permissions to be granted to Amazon SNS.
  • Lambda – SNS can invoke Lambda functions with the payload of the published message.
  • Amazon Data Firehose – Deliver events to delivery streams for archiving and analysis purposes (formerly known as Kinesis Data Firehose, renamed Feb 2024).

SNS Supported Endpoints

  • Email Notifications
    • SNS provides the ability to send Email notifications
  • Mobile Push Notifications
    • SNS provides an ability to send push notification messages directly to apps on mobile devices. Push notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts
    • Supported push notification services
      • Amazon Device Messaging (ADM)
      • Apple Push Notification Service (APNs)
      • Firebase Cloud Messaging (FCM) – previously Google Cloud Messaging (GCM), which was deprecated April 2019. SNS added FCM HTTP v1 API support in January 2024. The legacy FCM API was removed by Google in June 2024.
      • Windows Push Notification Service (WNS) for Windows 8+ and Windows Phone 8.1+
      • Baidu Cloud Push for Android devices in China
    • Note: Microsoft Push Notification Service (MPNS) for Windows Phone 7+ has been deprecated and is no longer supported.
  • SQS Queues
    • SNS with SQS provides the ability for messages to be delivered to applications that require immediate notification of an event, and also persist in an SQS queue for other applications to process at a later time
    • SNS allows applications to send time-critical messages to multiple subscribers through a “push” mechanism, eliminating the need to periodically check or “poll” for updates.
    • SQS can be used by distributed applications to exchange messages through a polling model, and can be used to decouple sending and receiving components, without requiring each component to be concurrently available.
  • SMS Notifications
    • SNS provides the ability to send and receive Short Message Service (SMS) notifications to SMS-enabled mobile phones and smart phones
    • SMS delivery is now handled through AWS End User Messaging, providing enhanced features like SMS resource management, two-way messaging, granular resource permissions, and country block rules.
  • HTTP/HTTPS Endpoints
    • SNS provides the ability to send notification messages to one or more HTTP or HTTPS endpoints. When you subscribe an endpoint to a topic, you can publish a notification to the topic and Amazon SNS sends an HTTP POST request delivering the contents of the notification to the subscribed endpoint
  • Lambda
    • SNS and Lambda are integrated so Lambda functions can be invoked with SNS notifications.
    • When a message is published to an SNS topic that has a Lambda function subscribed to it, the Lambda function is invoked with the payload of the published message
  • Amazon Data Firehose
    • Deliver events to delivery streams for archiving and analysis purposes.
    • Through delivery streams, events can be delivered to AWS destinations like S3, Redshift, and OpenSearch Service, or to third-party destinations such as Datadog, New Relic, MongoDB, and Splunk.
    • Note: Amazon Kinesis Data Firehose was renamed to Amazon Data Firehose in February 2024.

SNS FIFO Topics

  • SNS FIFO (First-In-First-Out) topics provide strict message ordering and exactly-once message delivery combined with deduplication.
  • Message Ordering – Messages are delivered in the exact order in which they are published to the topic, using message group IDs.
  • Message Deduplication – Prevents duplicate messages from being delivered within a 5-minute deduplication interval using either content-based deduplication or a deduplication ID.
  • Supported Subscriptions – FIFO topics can only deliver messages to SQS FIFO queues.
  • Message Filtering – FIFO topics support the same subscription filter policies as standard topics.
  • Message Archiving and Replay (launched Oct 2023) – Topic owners can set an archive policy with retention up to 365 days. Subscribers can set a replay policy to retrieve and redeliver archived messages using timestamps.
  • High Throughput Mode – Supports higher message throughput per message group with the FifoThroughputScope attribute.
  • Use Cases – Bank transaction logging, stock monitoring, flight tracking, inventory management, price update applications.

SNS Message Filtering

  • SNS message filtering allows subscribers to receive only a subset of messages published to a topic by setting subscription filter policies.
  • Attribute-based filtering – Filter messages based on message attributes (original capability).
  • Payload-based filtering (launched Nov 2022) – Filter messages based on message body content, enabling filtering of events from 60+ AWS services that publish to SNS without message attributes.
  • Filter policy scope can be set to MessageAttributes or MessageBody.
  • Total combination of values in a filter policy must not exceed 150.
  • If no filter policy is set, the subscriber receives all messages published to the topic.
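The filter-policy rules above, as an added example (not code from the original post or from AWS): a small Python evaluator for attribute-based policies that also enforces the 150-combination limit. It assumes message attributes are flattened to name → value and covers only the exact-match, prefix, anything-but, numeric and exists operators; `SOC_POLICY`, `matches` and `combination_count` are hypothetical names, and the policy is constructed.

```python
from math import prod

MAX_COMBINATIONS = 150  # limit on value combinations stated above

# Constructed policy for a hypothetical SOC subscription (attribute-based scope).
SOC_POLICY = {
    "event_type": ["login_failed", {"prefix": "iam."}],
    "severity": [{"numeric": [">=", 7]}],
    "env": [{"anything-but": ["dev", "test"]}],
}

OPS = {"=": lambda a, b: a == b, "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}


def combination_count(policy):
    """Product of the number of values under each key (flat policies only)."""
    return prod(len(values) for values in policy.values())


def _rule_matches(rule, value):
    """Evaluate one element of a key's value list against an attribute value."""
    if not isinstance(rule, dict):
        return rule == value                      # exact string or number match
    if "prefix" in rule:
        return isinstance(value, str) and value.startswith(rule["prefix"])
    if "anything-but" in rule:
        banned = rule["anything-but"]
        return value not in (banned if isinstance(banned, list) else [banned])
    if "numeric" in rule:
        pairs = zip(rule["numeric"][0::2], rule["numeric"][1::2])
        return isinstance(value, (int, float)) and all(OPS[op](value, n) for op, n in pairs)
    raise ValueError(f"unsupported operator: {rule}")


def matches(policy, attributes):
    """True if a message with these attributes passes the subscription's filter policy."""
    if not policy:                                # no filter policy: deliver everything
        return True
    if combination_count(policy) > MAX_COMBINATIONS:
        raise ValueError("filter policy exceeds 150 value combinations")
    for key, rules in policy.items():             # every key must match (AND)
        present = key in attributes
        exists = [r["exists"] for r in rules if isinstance(r, dict) and "exists" in r]
        others = [r for r in rules if not (isinstance(r, dict) and "exists" in r)]
        hit = any(e == present for e in exists)
        if present and not hit:                   # any one rule may match (OR)
            hit = any(_rule_matches(r, attributes[key]) for r in others)
        if not hit:
            return False
    return True
```
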

SNS Message Security and Encryption

  • Server-Side Encryption (SSE) – SNS supports encryption at rest using AWS KMS. Messages are stored in encrypted form and only decrypted when delivered.
  • Only the message body is encrypted; message attributes, resource metadata, and metrics remain unencrypted.
  • All requests to SNS topics with SSE activated must use HTTPS and Signature Version 4.
  • In-transit encryption – All SNS API requests use HTTPS; TLS 1.2 or later is recommended.
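A configuration check for the points above, as an added example (not code from the original post or from AWS): it audits the attribute map returned by GetTopicAttributes for a missing KMS key and for a topic policy that does not reject non-TLS publishes, and flags message attribute names that look sensitive, since SSE leaves attributes unencrypted. The Deny-on-`aws:SecureTransport` statement is an assumed topic-policy pattern, and the function names, name heuristic, account ID, topic and key alias are constructed placeholders.

```python
import json
import re

# Hypothetical heuristic for attribute names that suggest sensitive values.
SENSITIVE_NAME = re.compile(r"ssn|password|secret|token|card|email", re.I)

_ALLOW = {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
          "Action": "sns:Publish", "Resource": "*"}
_DENY_HTTP = {"Effect": "Deny", "Principal": "*", "Action": "sns:Publish", "Resource": "*",
              "Condition": {"Bool": {"aws:SecureTransport": "false"}}}

# Constructed GetTopicAttributes results (placeholder account ID, topic and key alias).
WEAK_TOPIC = {"TopicArn": "arn:aws:sns:us-east-1:111122223333:example-alerts",
              "Policy": json.dumps({"Version": "2012-10-17", "Statement": _ALLOW})}
HARDENED_TOPIC = {"TopicArn": "arn:aws:sns:us-east-1:111122223333:example-alerts",
                  "KmsMasterKeyId": "alias/example-sns-key",
                  "Policy": json.dumps({"Version": "2012-10-17",
                                        "Statement": [_ALLOW, _DENY_HTTP]})}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_everyone(principal):
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", [])))


def enforces_tls(policy_json):
    """True if a Deny statement blocks sns:Publish for everyone when TLS is absent."""
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        bools = {k.lower(): v for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        flags = _as_list(bools.get("aws:securetransport"))
        if (stmt.get("Effect") == "Deny" and _is_everyone(stmt.get("Principal"))
                and actions & {"sns:publish", "sns:*", "*"}
                and any(str(f).lower() == "false" for f in flags)):
            return True
    return False


def audit_topic(attributes):
    """Return findings for one topic's attribute map; an empty list means both checks pass."""
    findings = []
    if not attributes.get("KmsMasterKeyId"):      # SSE is off unless a KMS key is set
        findings.append("sse-disabled")
    if not enforces_tls(attributes.get("Policy") or "{}"):
        findings.append("tls-not-enforced")
    return findings


def exposed_attributes(message_attributes):
    """Attribute names that look sensitive; SSE encrypts only the body, not attributes."""
    return sorted(name for name in message_attributes if SENSITIVE_NAME.search(name))
```
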

SNS Dead-Letter Queues

  • SNS supports dead-letter queues (DLQ) for capturing messages that cannot be delivered to subscribed endpoints.
  • Messages that fail delivery due to client errors or server errors are held in the DLQ for further analysis or reprocessing.
  • A DLQ is an Amazon SQS queue attached to an SNS subscription (not the topic itself).
  • Useful for debugging and recovering from delivery failures.

SNS Message Batching

  • The PublishBatch API allows publishing up to 10 messages in a single API request.
  • Reduces the number of API calls required for high-volume publishers.
  • Supports both standard and FIFO topics.

SNS Cross-Region Delivery

  • SNS supports cross-region delivery of messages to SQS queues and Lambda functions in other AWS Regions.
  • As of July 2025, SNS enhanced cross-region delivery capabilities to support delivery from default-enabled Regions to opt-in Regions.

SNS Message Data Protection

⚠️ Feature No Longer Available to New Customers

Amazon SNS message data protection is no longer available to new customers effective April 30, 2026.

Existing customers with configured data protection policies can continue to use the feature, but no new enhancements will be introduced.

Recommended Alternative: An AWS Lambda-based architecture using Amazon Bedrock Guardrails for real-time sensitive data detection and protection. See the AWS Samples repository for implementation guidance.

  • SNS message data protection could scan messages in real time for PII/PHI data and provide audit reports.
  • Supported operations: Audit (log sensitive data findings), Deny (block messages with sensitive data), and Redact (mask sensitive data).

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. Which of the following notification endpoints or clients does Amazon Simple Notification Service support? Choose 2 answers
    1. Email
    2. CloudFront distribution
    3. File Transfer Protocol
    4. Short Message Service
    5. Simple Network Management Protocol
  2. What happens when you create a topic on Amazon SNS?
    1. The topic is created, and it has the name you specified for it.
    2. An ARN (Amazon Resource Name) is created
    3. You can create a topic on Amazon SQS, not on Amazon SNS.
    4. This question doesn’t make sense.
  3. A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario?
    1. None because the user infrastructure is in the private cloud.
    2. AWS SNS
    3. AWS SES
    4. AWS SMS
  4. A user wants to make it so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the red light of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?
    1. AWS CloudWatch + AWS SES
    2. AWS CloudWatch + AWS SNS
    3. It is not possible to configure the light with the AWS infrastructure services
    4. AWS CloudWatch and a dedicated software turning on the light
  5. A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?
    1. Email JSON
    2. HTTP
    3. AWS SQS
    4. AWS SES
  6. A user is running a webserver on EC2. The user wants to receive the SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?
    1. AWS CloudWatch + AWS SES
    2. AWS CloudWatch + AWS SNS
    3. AWS CloudWatch + AWS SQS
    4. AWS EC2 + AWS CloudWatch
  7. A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?
    1. AWS Simple Notification Service
    2. AWS Simple Queue Service
    3. AWS Mobile Communication Service
    4. AWS Simple Email Service
  8. You are providing AWS consulting service for a company developing a new mobile application that will be leveraging Amazon SNS push for push notifications. In order to send direct notification messages to individual devices, each device registration identifier or token needs to be registered with SNS; however, the developers are not sure of the best way to do this. You advise them to: –
    1. Bulk upload the device tokens contained in a CSV file via the AWS Management Console
    2. Let the push notification service (e.g. Amazon Device messaging) handle the registration
    3. Implement a token vending service to handle the registration
    4. Call the CreatePlatformEndpoint API function to register multiple device tokens. (Refer documentation)
  9. A company is running a batch analysis every hour on their main transactional DB running on an RDS MySQL instance to populate their central Data Warehouse running on Redshift. During the execution of the batch their transactional applications are very slow. When the batch completes they need to update the top management dashboard with the new data. The dashboard is produced by another system running on-premises that is currently started when a manually-sent email notifies that an update is required. The on-premises system cannot be modified because it is managed by another team. How would you optimize this scenario to solve performance issues and automate the process as much as possible?
    1. Replace RDS with Redshift for the batch analysis and SNS to notify the on-premises system to update the dashboard
    2. Replace RDS with Redshift for the batch analysis and SQS to send a message to the on-premises system to update the dashboard
    3. Create an RDS Read Replica for the batch analysis and SNS to notify the on-premises system to update the dashboard
    4. Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.
  10. Which of the following are valid SNS delivery transports? Choose 2 answers.
    1. HTTP
    2. UDP
    3. SMS
    4. DynamoDB
    5. Named Pipes
  11. What is the format of structured notification messages sent by Amazon SNS?
    1. An XML object containing MessageId, UnsubscribeURL, Subject, Message and other values
    2. A JSON object containing MessageId, DuplicateFlag, Message and other values
    3. An XML object containing MessageId, DuplicateFlag, Message and other values
    4. A JSON object containing MessageId, unsubscribeURL, Subject, Message and other values
  12. Which of the following are valid arguments for an SNS Publish request? Choose 3 answers.
    1. TopicArn
    2. Subject
    3. Destination
    4. Format
    5. Message
    6. Language
  13. A company requires strict message ordering for their financial transaction processing system. Which SNS feature should they use?
    1. Standard topics with message attributes
    2. FIFO topics with message group IDs
    3. Standard topics with delivery policies
    4. FIFO topics with dead-letter queues only
  14. An application publishes thousands of events per second to an SNS topic. Subscribers only need to process events matching specific criteria. What is the most efficient approach?
    1. Have each subscriber receive all messages and filter locally
    2. Create separate topics for each message type
    3. Use SNS subscription filter policies to deliver only matching messages
    4. Use SQS queues with consumer-side filtering
  15. Which of the following statements about SNS FIFO topics are correct? Choose 2 answers.
    1. FIFO topics provide exactly-once message delivery
    2. FIFO topics support delivery to HTTP/HTTPS endpoints
    3. FIFO topics can deliver to up to 12.5 million subscriptions
    4. FIFO topics support message archiving and replay
    5. FIFO topics can deliver to Lambda functions directly
  16. A development team needs to filter SNS messages based on message body content from S3 event notifications. Which feature should they use?
    1. Message attributes filtering with attribute-based scope
    2. Payload-based message filtering with MessageBody scope
    3. Lambda function to filter before forwarding
    4. SQS message filtering

8 thoughts on “AWS Simple Notification Service – SNS”

  1. Hi Jayendra,

    Thanks for this post. I am trying to trigger a Lambda function using an SNS notification. I was just wondering whether the payload is encrypted by default or whether we have to encrypt it explicitly.

    1. Its main performance issues using the main database, it would be easier to use Read replica keeping the same interface and reducing the load from the main database.

        1. RDS Replica is basically to offload the Batch analysis jobs to reduce the load on the actual master database.

  2. Hi Jayendra,
    Can you help me with the following question as to why is the answer for this is D?
    The explanation for which seems to be a “user’s private cloud”(data center).
    Is this how the flow would be?
    An instance in the data center failed. You send CloudWatch metrics to AWS using CLI or API. With the CloudWatch metric, you trigger the SNS notification, which in turn uses SQS to trigger an instance in the data center?
    Appreciate your help. Thanks.

    A user is using the AWS EC2. The user wants to make so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user’s private cloud. Which AWS service helps to
    achieve this automation?
    A. AWS CloudWatch + Cloudformation

    B. AWS CloudWatch + AWS AutoScaling + AWS ELB

    C. AWS CloudWatch + AWS VPC

    D. AWS CloudWatch + AWS SNS

    1. If the instance fails, CloudWatch alarms can send a notification to SNS which in turn can then trigger something to notify on the user’s private cloud like an SMS, or through an HTTP endpoint by which the action can be performed.
