Posted On: Sep 22, 2023

Amazon SNS message data protection is a set of capabilities that leverage pattern matching, machine learning models, and content policies to help security and engineering teams facilitate real-time data protection in their applications that use Amazon SNS to exchange high volumes of data. Now, you can de-identify outbound message data within a payload, in real-time, via data redaction or masking. Thus, each endpoint subscribed to your Amazon SNS topic may receive a different payload from the topic, with different sensitive data de-identified, according to their data access permissions.

With message data protection for Amazon SNS, you can discover and protect certain types of personally identifiable information (PII) and protected health information (PHI) data that is in motion between your applications. Message data protection enables topic owners to define and apply data protection policies that scan messages in real-time for sensitive data to provide detailed audit reports of findings, block message delivery, and de-identify data within inbound or outbound message payloads via redaction or masking.

De-identification for outbound messages is available in all AWS Regions, except for AWS GovCloud (US) Regions.

Start discovering and protecting sensitive data in real-time using the AWS Software Development Kit (SDK), AWS Command Line Interface (CLI), AWS CloudFormation, or AWS Management Console.

To learn more about Amazon SNS message data protection, see the following: