Publish Amazon SNS Messages Privately
With Amazon SNS, Amazon VPC, Amazon EC2, Amazon CloudFormation, and AWS Lambda
7 Steps | 20 Minutes
In this tutorial, you learn how to publish messages to an Amazon SNS topic while keeping the messages secure in a private network.
Amazon Simple Notification Service (Amazon SNS) is fully-managed event-driven pub/sub messaging service that can be used to decouple distributed systems and microservices. To get started with Amazon SNS, you first have to create a topic, which is an access point for subscribers interested in receiving notifications about a specific subject. When a message is published to a topic, Amazon SNS pushes the message to all appropriate subscribers, which could be HTTP endpoints, Amazon SQS queues, or AWS Lambda functions.
In some cases, your applications may require higher levels of security and need to be deployed into a private network. Some common cases for private networking and messaging include:
- Isolating development and testing environments
- Sharing personally identifiable information (PII) about your customers
- Hosting a PCI-compliant e-commerce website
- Developing healthcare applications subject to HIPAA
- Implementing a cryptographic algorithm subject to FIPS 140
- Processing mortgage applications in a banking system
By publishing messages privately from a private network, such as Amazon VirtualPrivate Cloud (VPC), you can improve the security of the traffic between your applications and Amazon SNS.
An Amazon Virtual Private Cloud (VPC) is a virtual network that closely resembles a traditional network that you’d operate in your own data center. Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. With VPC on AWS, you have little upfront investment, and you can scale your infrastructure in or out as necessary. You get all the benefits of a secure environment at no extra cost: AWS security controls, certifications, accreditations, and features meet the security criteria set out by some of the most discerning and security-conscious customers in large enterprise as well as governmental agencies. For a full list of certifications and accreditations, go to the AWS Compliance Center.
In this tutorial, you'll create a temporary VPC in your AWS account, privately publish a message from an Amazon EC2 instance in this VPC to an Amazon SNS topic, and verify that your message was delivered to subscribing AWS Lambda functions and logged in Amazon CloudWatch. You'll be able to confirm that the message stays within the AWS network, without traveling the public Internet. Finally, you'll clean up and delete the resources that you created for the tutorial.
Time to Complete
Cost to Complete
Each service used in this architecture is eligible for the AWS Free Tier. If you are outside the usage limits of the Free Tier, completing this learning path will cost you less than $0.25*.
- An Active AWS Account*
- AWS CloudFormation
- AWS Lambda
- Amazon EC2
- Amazon SNS
- Amazon VPC
*This estimate assumes you follow the recommended configurations throughout the tutorial and terminate all resources within 24 hours.
**Accounts that have been created within the last 24 hours might not yet have access to the resources required for this learning path.
This application development project uses Amazon SNS, Amazon VPC, Amazon EC2, Amazon CloudFormation and AWS Lambda as pictured below.