Amazon SNS (Simple Notification Service)

Amazon SNS is a fully managed pub/sub messaging service that allows you to send messages to multiple subscribers — such as SQS queues, Lambda functions, email, SMS, or HTTP endpoints.


Amazon SNS – Security

| Security Feature | Description |
|---|---|
| IAM Policies | Control which users/services can publish or subscribe. |
| Topic Policies | Fine-grained access control for specific SNS topics. |
| KMS Encryption | Encrypt messages at rest using AWS KMS. |
| HTTPS Endpoints | Secure message delivery to subscribers over HTTPS (TLS). |
| VPC Endpoints (PrivateLink) | Keep traffic within the AWS network. |

SNS + SQS: Fan-Out Architecture

Fan-out means publishing a single message to multiple destinations.

💡 How It Works:

  • SNS topic receives a message
  • SNS delivers it to multiple subscribed SQS queues
  • Each queue can process the message independently

           [Publisher]
                |
            [SNS Topic]
           /     |     \
       [SQS A] [SQS B] [Lambda]

📦 Application: S3 Events → SNS → Multiple SQS Queues

Use case: Notify different microservices when a file is uploaded.

Flow:

  1. S3 Event → triggers SNS
  2. SNS → fan-out to multiple SQS queues
  3. Each SQS queue → different consumer/process

🧾 Amazon SNS – FIFO Topics (First-In-First-Out)

  • Guarantees exactly-once message delivery
  • Maintains strict order
  • Use when order and duplication prevention are critical

🔧 Requirements:

  • MessageGroupId
  • MessageDeduplicationId (optional if content-based deduplication is enabled on the topic, in which case SNS auto-generates it from the message body)

🔁 SNS FIFO + SQS FIFO: Fan-Out

  • SNS FIFO publishes to multiple SQS FIFO queues
  • Ensures:
    • Message ordering preserved
    • Exactly-once delivery
  • Useful for banking, order processing, inventory systems

📌 All queues must be FIFO and use the same MessageGroupId logic


🎯 SNS – Message Filtering

SNS allows subscribers to filter messages based on message attributes (no need to process irrelevant messages).

💡 Example:

Message Attributes:
{
  "eventType": "image-upload"
}

🔧 Benefits:

  • Reduces unnecessary traffic
  • Simplifies consumer logic
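
The page's example shows only the message side of filtering. The following added example (not from the original post) is a simplified local model of how a subscription filter policy is matched against message attributes, covering exact string match, `prefix` and `exists`; the queue names, the `tenant` attribute and the function names are assumptions, and attributes are written in the page's simplified name/value form.

```python
# Local model of SNS subscription filter-policy matching on message attributes.
# Simplified: exact string match, "prefix" and "exists" only (numeric operators
# and String.Array attributes are not modelled). All names and data below are
# constructed for this example.

def _condition_matches(cond, present, value):
    """Evaluate one entry of a policy value list against one attribute."""
    if isinstance(cond, dict):
        if "exists" in cond:
            return present == cond["exists"]
        if "prefix" in cond:
            return present and isinstance(value, str) and value.startswith(cond["prefix"])
        return False  # operator not modelled here: treat as no match
    return present and value == cond  # plain value: exact match


def matches(filter_policy, attributes):
    """True if the message would be delivered to the subscription.

    Every key in the policy must match (AND); within a key, any one
    condition in the list is enough (OR). An empty policy matches everything.
    """
    for name, conditions in filter_policy.items():
        present = name in attributes
        value = attributes.get(name)
        if not any(_condition_matches(c, present, value) for c in conditions):
            return False
    return True


# Constructed subscriptions for three fan-out queues; the first one filters on
# the page's eventType attribute.
SUBSCRIPTIONS = {
    "thumbnail-queue": {"eventType": ["image-upload"]},
    "audit-queue": {},  # no filter policy: receives every message
    "video-queue": {"eventType": [{"prefix": "video-"}],
                    "tenant": [{"exists": True}]},
}


def route(attributes):
    """Return the sorted names of subscriptions that would receive the message."""
    return sorted(n for n, p in SUBSCRIPTIONS.items() if matches(p, attributes))


if __name__ == "__main__":
    print(route({"eventType": "image-upload"}))
```

A subscription with no filter policy still receives every message published to the topic, so filtering reduces traffic but does not replace topic and IAM policies for controlling who may subscribe.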

📤 SNS → Amazon S3 via Kinesis Data Firehose

SNS can't directly publish to S3. Instead:

Flow:

  1. SNS → sends message to Kinesis Data Firehose
  2. Firehose → buffers, batches, and delivers to S3
  3. Optionally: Firehose transforms data via Lambda

📌 Use case: audit logs, analytics pipelines, IoT messages


✅ Summary Table

| Feature / Pattern | Purpose |
|---|---|
| SNS Security | Control access, encryption, safe delivery |
| SNS + SQS (Fan-out) | Send messages to multiple consumers |
| S3 Events → SNS → SQS | Event-driven architecture for file uploads |
| SNS FIFO | Strict ordering + exactly-once delivery |
| SNS FIFO + SQS FIFO | Reliable, ordered, multi-destination processing |
| SNS Message Filtering | Deliver only relevant messages to subscribers |
| SNS → S3 via Firehose | Persist messages to S3 for analytics/audit |