Standard topics
Standard topics can be used in many scenarios, as long as your application can process messages that arrive more than once and out of order, for example: fanning out messages to media encoding, fraud detection, tax calculation, search index, and critical alerting applications.
- Maximum throughput: Standard topics support a nearly unlimited number of messages per second.
- Best-effort ordering: Occasionally, messages might be delivered in an order different from the order in which they were published.
- Best-effort deduplication: A message is delivered at least once, but occasionally more than one copy of a message is delivered.
- Multiple subscription types: Messages can be delivered to application-to-application (A2A) endpoints (Amazon SQS, Amazon Kinesis Data Firehose, AWS Lambda, HTTPS) as well as application-to-person (A2P) endpoints (SMS, mobile push, and email).
- Message fanout: Each account can support 100,000 Standard topics and each topic supports up to 12.5M subscriptions.
FIFO topics
FIFO topics are designed to enhance messaging between applications when the order of operations and events is critical, or where duplicates can't be tolerated, for example: fanning out messages to bank transaction logging, stock monitoring, flight tracking, inventory management, and price update applications.
- High throughput: FIFO topics support up to 300 messages per second or 10 MB per second per FIFO topic (whichever comes first).
- Strict ordering: The order in which messages are published and delivered is strictly preserved (i.e. first-in-first-out).
- Strict deduplication: Duplicate messages aren't delivered. Deduplication happens within a 5-minute interval, from the message publish time.
- SQS FIFO subscriptions: Messages can be delivered to Amazon SQS FIFO queues.
- Message fanout: Each account can support 1,000 FIFO topics and each topic supports up to 100 subscriptions.
Event sources and destinations
Event-driven computing is a model in which subscriber services automatically perform work in response to events triggered by publisher services. This paradigm can be applied to automate workflows while decoupling the services that collectively and independently work to fulfill these workflows. Amazon SNS is an event-driven hub that has native integration with a wide variety of AWS event sources and event destinations.
Message publishing and batching
Message publishing enables you to send data, in the form of messages, to an Amazon SNS topic, which delivers the messages asynchronously to the applications that are subscribed to the topic. You can publish from 1 to 10 messages per API request. You may choose to batch messages together to reduce your Amazon SNS costs. Each message can contain up to 256 KB of data. If your use case requires larger data payloads, the Amazon SNS Extended Client Library stores the payload (up to 2 GB) in an Amazon S3 bucket and publishes the reference of the stored Amazon S3 object to the Amazon SNS topic.
Message filtering empowers your subscriber applications to create filter policies, so that these applications can receive only the notifications that they are interested in, as opposed to receiving every message published to the topic. This enables you to simplify your architecture, offloading the message filtering logic from subscriber applications as well as the message routing logic from publisher applications.
- Simplifying Your Pub/Sub Messaging with Amazon SNS Message Filtering
- Message Filtering Operators for Numeric Matching, Prefix Matching, and Anything-But Matching in Amazon SNS
- Monitoring Your Amazon SNS Message Filtering Activity with Amazon CloudWatch
- Managing Amazon SNS Subscription Attributes with AWS CloudFormation
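The message filtering described above can be checked locally before a policy is attached to a subscription. The following is an added example, not AWS code: a simplified model of attribute-based filter policies covering exact, prefix, numeric, and anything-but matching. The policy, the attribute names, and the sample messages are constructed, and the model assumes that a message lacking an attribute named in the policy is not delivered.

```python
import operator

# Comparison operators allowed inside a {"numeric": [...]} condition.
OPS = {"=": operator.eq, "<": operator.lt, "<=": operator.le,
       ">": operator.gt, ">=": operator.ge}

def condition_matches(cond, value):
    """Test one attribute value against one condition of a filter policy."""
    if not isinstance(cond, dict):                  # exact string or number
        return cond == value
    if "prefix" in cond:
        return isinstance(value, str) and value.startswith(cond["prefix"])
    if "anything-but" in cond:
        blocked = cond["anything-but"]
        return value not in (blocked if isinstance(blocked, list) else [blocked])
    if "numeric" in cond:                           # e.g. [">=", 100, "<", 500]
        spec = cond["numeric"]
        return (isinstance(value, (int, float)) and
                all(OPS[op](value, n) for op, n in zip(spec[0::2], spec[1::2])))
    raise ValueError(f"operator not modelled here: {cond}")

def policy_accepts(policy, attributes):
    """True only if every attribute named in the policy is present and matches."""
    for name, conditions in policy.items():
        if name not in attributes:                  # assumption: absent means no match
            return False
        values = attributes[name]
        values = values if isinstance(values, list) else [values]
        if not any(condition_matches(c, v) for c in conditions for v in values):
            return False
    return True

# Constructed policy for a hypothetical fraud-detection subscriber.
FRAUD_POLICY = {
    "event_type": [{"prefix": "payment_"}],
    "amount_usd": [{"numeric": [">=", 1000]}],
    "channel": [{"anything-but": ["internal_test"]}],
}
# Constructed message attributes, one dict per published message.
SAMPLES = [
    {"event_type": "payment_authorized", "amount_usd": 2500, "channel": "web"},
    {"event_type": "payment_authorized", "amount_usd": 40, "channel": "web"},
    {"event_type": "payment_authorized", "amount_usd": 2500, "channel": "internal_test"},
    {"event_type": "payment_authorized", "amount_usd": 2500},   # channel missing
]

def delivered_indexes():
    """Indexes of the sample messages the subscriber would receive."""
    return [i for i, a in enumerate(SAMPLES) if policy_accepts(FRAUD_POLICY, a)]
```

Only the first sample passes all three keys; the last one shows that a message without the channel attribute is dropped in this model rather than treated as "anything but internal_test".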
Message fanout and delivery
When you publish a message to a topic, Amazon SNS replicates and delivers the message to applications subscribed to the topic. Amazon SNS supports application-to-application (A2A) and application-to-person (A2P) message delivery. Amazon SNS also supports cross-region and cross-account message delivery, in addition to message delivery status logging with Amazon CloudWatch.
Amazon SNS uses a number of mechanisms that work together to provide message durability. To start, published messages are stored across multiple, geographically-separated servers and data centers. If a subscribed endpoint isn't available, Amazon SNS executes a message delivery retry policy. To preserve any messages that aren't delivered before the delivery retry policy ends, you can use a dead-letter queue powered by Amazon SQS. Moreover, you can subscribe Amazon Kinesis Data Firehose delivery streams to Amazon SNS topics, which allows messages to be sent to durable endpoints such as Amazon S3 buckets or Amazon Redshift tables.
Amazon SNS provides encrypted topics to protect your messages from unauthorized and anonymous access. When you publish messages to encrypted topics, Amazon SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued with AWS Key Management Service (KMS). The messages are stored in encrypted form, and decrypted as they are delivered to subscribing endpoints, such as Amazon SQS queues, Amazon Kinesis Data Firehose streams, AWS Lambda functions, HTTP/S endpoints, phone numbers, mobile apps, and email addresses.
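A defender can verify both halves of that statement, encryption at rest and the absence of anonymous access, from a topic's attributes. The following is an added example, not AWS code: it audits an attribute map shaped like the output of GetTopicAttributes (the KmsMasterKeyId and Policy attributes). The two sample topics, the account ID, and the key alias are constructed placeholders.

```python
import json

def is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} in string or list form."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in (principal if isinstance(principal, list) else [principal])

def audit_topic(attrs):
    """Return a list of findings for one topic's attribute map."""
    findings = []
    if not attrs.get("KmsMasterKeyId"):
        findings.append("no KMS key set: messages are not encrypted at rest")
    policy = json.loads(attrs.get("Policy") or '{"Statement": []}')
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):                # single statement, not a list
        statements = [statements]
    for stmt in statements:
        if (stmt.get("Effect") == "Allow" and is_wildcard(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.append(f"statement {stmt.get('Sid', '?')}: "
                            "any principal allowed with no Condition")
    return findings

# Constructed attribute maps; the account ID and topic names are placeholders.
ARN = "arn:aws:sns:us-east-1:111122223333:"
OPEN_TOPIC = {
    "TopicArn": ARN + "orders",
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicPublish", "Effect": "Allow", "Principal": "*",
        "Action": "sns:Publish", "Resource": ARN + "orders"}]}),
}
HARDENED_TOPIC = {
    "TopicArn": ARN + "payments",
    "KmsMasterKeyId": "alias/example-sns-key",      # placeholder key alias
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "OwnerOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": "sns:Publish", "Resource": ARN + "payments",
        "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}}]}),
}
```

The second topic also names a wildcard principal, but its Condition restricts it to the owning account, so only the first topic is reported.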
Amazon SNS supports VPC Endpoints (VPCE) via AWS PrivateLink. You can use VPC Endpoints to privately publish messages to Amazon SNS topics, from an Amazon Virtual Private Cloud (VPC), without traversing the public internet. This feature brings additional security, helps promote data privacy, and aligns with assurance programs. When you use AWS PrivateLink, you don’t need to set up an Internet Gateway (IGW), Network Address Translation (NAT) device, or Virtual Private Network (VPN) connection. You don’t need to use public IP addresses, either.
Message data protection
Amazon SNS message data protection empowers topic owners to define data protection policies that can discover and protect sensitive data that is transmitted via their topics. This can help you to simplify your architecture by offloading data protection logic from your applications, while helping support your compliance objectives, for example, with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Privacy Regulation (GDPR), Payment Card Industry Compliance (PCI), and Federal Risk and Authorization Management Program (FedRAMP). You can audit messages that are inbound to a topic to determine how much sensitive data they contain, prevent them from being delivered to downstream subscribers via blocking, or de-identify specific data in the payload via redaction or masking.
Message archiving and analytics
Amazon SNS provides a direct connection to Amazon Kinesis Data Firehose, allowing message storage in services such as Amazon S3, Amazon Redshift, Amazon OpenSearch Service, and MongoDB. This feature also enables message storage in analytics services, such as Datadog, New Relic, and Splunk.
SMS text messages
Amazon SNS supports the ability to send SMS text messages at scale to 200+ countries, using a highly available and durable service, with redundancy across multiple SMS providers. With Amazon SNS, you are able to control your originating identity by using a sender ID, long codes, or short codes. Moreover, you can use the Amazon SNS sandbox to validate your SMS workloads before moving them to production.
Mobile push notifications
Amazon SNS mobile notifications make it simple and cost-effective to fan out mobile push notifications to iOS, Android, Fire, Windows, and Baidu devices. Mobile notifications can be triggered from user-driven actions or business logic. Amazon SNS delivers mobile push notifications through Amazon Device Messaging (ADM), Apple Push Notification Service (APNs), Baidu Cloud Push (Baidu), Firebase Cloud Messaging (FCM), Microsoft Push Notification Service for Windows Phone (MPNS), and Windows Push Notification Services (WNS).
Amazon SNS supports the delivery of notifications to email addresses subscribed to topics. This feature supports a variety of use cases. For example, you can use Amazon SNS to receive application alerts, as email notifications, to bring visibility into your DevOps workflows. Thus, you can be notified immediately when an event occurs, such as a specific change to your Amazon EC2 Auto Scaling group, or a new file uploaded to your Amazon S3 bucket, or a metric threshold breached in Amazon CloudWatch.