Publish Amazon SNS Messages Privately

With Amazon SNS, Amazon VPC, Amazon EC2, Amazon CloudFormation, and AWS Lambda


In this tutorial, you learn how to publish messages to an Amazon SNS topic while keeping the messages secure in a private network.

Amazon Simple Notification Service (Amazon SNS) is fully-managed event-driven pub/sub messaging service that can be used to decouple distributed systems and microservices. To get started with Amazon SNS, you first have to create a topic, which is an access point for subscribers interested in receiving notifications about a specific subject. When a message is published to a topic, Amazon SNS pushes the message to all appropriate subscribers, which could be HTTP endpoints, Amazon SQS queues, or AWS Lambda functions.

In some cases, your applications may require higher levels of security and need to be deployed into a private network. Some common cases for private networking and messaging include:

  • Isolating development and testing environments
  • Sharing personally identifiable information (PII) about your customers
  • Hosting a PCI-compliant e-commerce website
  • Developing healthcare applications subject to HIPAA
  • Implementing a cryptographic algorithm subject to FIPS 140
  • Processing mortgage applications in a banking system

By publishing messages privately from a private network, such as Amazon VirtualPrivate Cloud (VPC), you can improve the security of the traffic between your applications and Amazon SNS.

An Amazon Virtual Private Cloud (VPC) is a virtual network that closely resembles a traditional network that you’d operate in your own data center. Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. With VPC on AWS, you have little upfront investment, and you can scale your infrastructure in or out as necessary. You get all the benefits of a secure environment at no extra cost: AWS security controls, certifications, accreditations, and features meet the security criteria set out by some of the most discerning and security-conscious customers in large enterprise as well as governmental agencies. For a full list of certifications and accreditations, go to the AWS Compliance Center.

In this tutorial, you'll create a temporary VPC in your AWS account, privately publish a message from an Amazon EC2 instance in this VPC to an Amazon SNS topic, and verify that your message was delivered to subscribing AWS Lambda functions and logged in Amazon CloudWatch. You'll be able to confirm that the message stays within the AWS network, without traveling the public Internet. Finally, you'll clean up and delete the resources that you created for the tutorial.

 AWS Experience


 Time to Complete

20 minutes

 Cost to Complete

Each service used in this architecture is eligible for the AWS Free Tier. If you are outside the usage limits of the Free Tier, completing this learning path will cost you less than $0.25*.

 Services Used

*This estimate assumes you follow the recommended configurations throughout the tutorial and terminate all resources within 24 hours.
**Accounts that have been created within the last 24 hours might not yet have access to the resources required for this learning path.

Application Architecture

This application development project uses Amazon SNS, Amazon VPC, Amazon EC2, Amazon CloudFormation and AWS Lambda as pictured below.

Application Architecture