Amazon SNS features

Event-driven computing is a model in which subscriber services automatically perform work in response to events triggered by publisher services. This paradigm can be applied to automate workflows while decoupling the services that collectively and independently work to fulfill these workflows. Amazon SNS is an event-driven hub that has native integration with a wide variety of AWS event sources and event destinations.

Message publishing enables you to send data, in the form of messages, to an Amazon SNS topic which delivers the messages asynchronously to the applications that are subscribed to the topic. You can publish from 1 to 10 messages per API request. You may choose to batch messages together to reduce your Amazon SNS costs. Each message can contain up to 256KB of data. If your use case requires larger data payloads, the Amazon SNS Extended Client Library stores the payload (up to 2GB) in an Amazon S3 bucket and publishes the reference of the stored Amazon S3 object to the Amazon SNS topic.

Message filtering empowers your subscriber applications to create filter policies, so that these applications can receive only the notifications that they are interested in, as opposed to receiving every message published to the topic. This enables you to simplify your architecture, offloading the message filtering logic from subscriber applications as well as the message routing logic from publisher applications.

When you publish a message to a topic, Amazon SNS replicates and delivers the message to applications subscribed to the topic. Amazon SNS supports application-to-application (A2A) and application-to-person (A2P) message delivery. Amazon SNS also supports cross-region and cross-account message delivery, in addition to message delivery status logging with Amazon CloudWatch.

Amazon SNS uses a number of mechanisms that work together to provide message durability. To start, published messages are stored across multiple, geographically-separated servers and data centers. If a subscribed endpoint isn't available, Amazon SNS executes a message delivery retry policy. To preserve any messages that aren't delivered before the delivery retry policy ends, you can use a dead-letter queue powered by Amazon SQS. Moreover, you can subscribe Amazon Kinesis Data Firehose delivery streams to Amazon SNS topics, which allows messages to be sent to durable endpoints such as Amazon S3 buckets or Amazon Redshift tables.

Amazon SNS provides encrypted topics to protect your messages from unauthorized and anonymous access. When you publish messages to encrypted topics, Amazon SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued with AWS Key Management Service (KMS). The messages are stored in encrypted form, and decrypted as they are delivered to subscribing endpoints, such as Amazon SQS queues, Amazon Kinesis Data Firehose streams, AWS Lambda functions, HTTP/S endpoints, phone numbers, mobile apps, and email addresses.

Amazon SNS supports VPC Endpoints (VPCE) via AWS PrivateLink. You can use VPC Endpoints to privately publish messages to Amazon SNS topics, from an Amazon Virtual Private Cloud (VPC), without traversing the public internet. This feature brings additional security, helps promote data privacy, and aligns with assurance programs. When you use AWS PrivateLink, you don’t need to set up an Internet Gateway (IGW), Network Address Translation (NAT) device, or Virtual Private Network (VPN) connection. You don’t need to use public IP addresses, either.

Amazon SNS message data protection empowers topic owners to define data protection policies that can discover and protect sensitive data that is transmitted via their topics. This can help you to simplify your architecture by offloading data protection logic from your applications, while helping support your compliance objectives, for example, with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Privacy Regulation (GDPR), Payment Card Industry Compliance (PCI), and Federal Risk and Authorization Management Program (FedRAMP). You can audit messages that are inbound to a topic to determine how much sensitive data they contain or prevent them from being delivered to downstream subscribers by blocking messages that contain sensitive data.

Amazon SNS provides a direct connection to Amazon Kinesis Data Firehose, allowing message storage in services such as Amazon S3, Amazon Redshift, Amazon OpenSearch Service, and MongoDB. This feature also enables message storage in analytics services, such as Datadog, New Relic, and Splunk.

Amazon SNS supports the ability to send SMS text messages at scale to 200+ countries, using a highly available and durable service, with redundancy across multiple SMS providers. With Amazon SNS, you are be able to control your originating identity by using a sender ID, long codes, or short codes. Moreover, you can use the Amazon SNS sandbox to validate your SMS workloads before moving them to production.

Amazon SNS mobile notifications make it simple and cost effective to fan out mobile push notifications to iOS, Android, Fire, Windows, and Baidu devices. Mobile notifications can be triggered from user-driven actions or business logic. Amazon SNS delivers mobile push notifications through Amazon Device Messaging (ADM), Apple Push Notification Service (APNs), Baidu Cloud Push (Baidu), Firebase Cloud Messaging (FCM), Microsoft Push Notification Service for Windows Phone (MPNS), and Windows Push Notification Services (WNS).

Amazon SNS supports the delivery of notifications to email addresses subscribed to topics. This feature supports a variety of use cases. For example, you can use Amazon SNS to receive application alerts, as email notifications, to bring visibility into your DevOps workflows. Thus, you can be notified immediately when an event occurs, such as a specific change to your Amazon EC2 Auto Scaling group, or a new file uploaded to your Amazon S3 bucket, or a metric threshold breached in Amazon CloudWatch.