SNS

Queue
Amazon Simple Notification Service (SNS) is a notification service that provides low-cost infrastructure for the mass delivery of messages to supported endpoint types, such as Amazon Kinesis Data Firehose, Amazon SQS, AWS Lambda, HTTP, email, mobile push notifications, and mobile text messages (SMS).
aws_sns_topic (SNS) attributes:
  • name - (Optional) The name of the topic. Topic names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. For a FIFO (first-in-first-out) topic, the name must end with the .fifo suffix. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.
  • name_prefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • display_name - (Optional) The display name for the topic.
  • policy - (Optional) The fully-formed AWS policy as JSON. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
  • delivery_policy - (Optional) The SNS delivery policy. See the AWS documentation for details.
  • application_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
  • application_success_feedback_sample_rate - (Optional) Percentage of success to sample
  • application_failure_feedback_role_arn - (Optional) IAM role for failure feedback
  • http_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
  • http_success_feedback_sample_rate - (Optional) Percentage of success to sample
  • http_failure_feedback_role_arn - (Optional) IAM role for failure feedback
  • kms_master_key_id - (Optional) The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see Key Terms
  • fifo_topic - (Optional) Boolean indicating whether or not to create a FIFO (first-in-first-out) topic (default is false).
  • content_based_deduplication - (Optional) Enables content-based deduplication for FIFO topics. For more information, see the related documentation
  • lambda_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
  • lambda_success_feedback_sample_rate - (Optional) Percentage of success to sample
  • lambda_failure_feedback_role_arn - (Optional) IAM role for failure feedback
  • sqs_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
  • sqs_success_feedback_sample_rate - (Optional) Percentage of success to sample
  • sqs_failure_feedback_role_arn - (Optional) IAM role for failure feedback
  • firehose_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
  • firehose_success_feedback_sample_rate - (Optional) Percentage of success to sample
  • firehose_failure_feedback_role_arn - (Optional) IAM role for failure feedback
  • tags - (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with an SNS
Resources do not "belong" to an SNS. Rather, one or more Security Groups are associated to a resource.
Create SNS via Terraform:
The following HCL creates an SNS topic with a delivery policy.
Syntax:

resource "aws_sns_topic" "user_updates" {
 name            = "user-updates-topic"
 delivery_policy = <<EOF
{
 "http": {
   "defaultHealthyRetryPolicy": {
     "minDelayTarget": 20,
     "maxDelayTarget": 20,
     "numRetries": 3,
     "numMaxDelayRetries": 0,
     "numNoDelayRetries": 0,
     "numMinDelayRetries": 0,
     "backoffFunction": "linear"
   },
   "disableSubscriptionOverrides": false,
   "defaultThrottlePolicy": {
     "maxReceivesPerSecond": 1
   }
 }
}
EOF
}

Create SNS via CLI:
Parameters:

create-topic
--name <value>
[--attributes <value>]
[--tags <value>]
[--data-protection-policy <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws sns create-topic \
   --name my-topic

Best Practices for SNS

Categorized by Availability, Security & Compliance and Cost

Warning: Ensure SNS encryption is enabled
Warning: Ensure SNS is not publicly accessible
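
One way to check both rules against the attribute map that `aws sns get-topic-attributes` returns, as an added example that is not CloudWiki's or AWS's own code. The sample attributes, account ID and finding names are constructed, and the set of condition keys accepted as scoping a wildcard principal is an assumption: a heuristic, not a full policy evaluation.

```python
import json

# Condition keys treated as scoping a wildcard principal to known callers.
# Assumption: a statement with none of these is reported as public.
SCOPING_KEYS = {"aws:sourceowner", "aws:sourceaccount", "aws:sourcearn",
                "aws:principalorgid", "aws:principalaccount"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _is_scoped(condition):
    return any(key.lower() in SCOPING_KEYS
               for block in (condition or {}).values()
               for key in block)

def audit_topic(attributes):
    """Return a list of findings for one topic's attribute map."""
    findings = []
    if not attributes.get("KmsMasterKeyId"):
        findings.append("encryption-disabled")
    policy = json.loads(attributes.get("Policy") or '{"Statement": []}')
    for stmt in _as_list(policy.get("Statement", [])):
        if (stmt.get("Effect") == "Allow"
                and _is_wildcard(stmt.get("Principal"))
                and not _is_scoped(stmt.get("Condition"))):
            findings.append("public-access:" + stmt.get("Sid", "<no Sid>"))
    return findings

# Constructed sample data (account ID and ARN are placeholders).
ARN = "arn:aws:sns:us-east-1:111122223333:user-updates-topic"
DEFAULT_STMT = {"Sid": "__default_statement_ID", "Effect": "Allow",
                "Principal": {"AWS": "*"}, "Action": ["SNS:Publish"], "Resource": ARN,
                "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}}
OPEN_STMT = {"Sid": "AllowAnyone", "Effect": "Allow", "Principal": "*",
             "Action": "SNS:Publish", "Resource": ARN}

WEAK = {"TopicArn": ARN, "Policy": json.dumps({"Statement": [DEFAULT_STMT, OPEN_STMT]})}
HARDENED = {"TopicArn": ARN, "KmsMasterKeyId": "alias/aws/sns",
            "Policy": json.dumps({"Statement": [DEFAULT_STMT]})}

if __name__ == "__main__":
    print(audit_topic(WEAK), audit_topic(HARDENED))
```

The default-style statement also uses a wildcard principal but is not flagged, because its AWS:SourceOwner condition limits it to the owning account; in Terraform the two findings correspond to the kms_master_key_id and policy attributes listed above.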