HAQM SNS features

Event-driven computing is a model in which subscriber services automatically perform work in response to events triggered by publisher services. This paradigm can be applied to automate workflows while decoupling the services that collectively and independently work to fulfill these workflows. HAQM SNS is an event-driven hub that has native integration with a wide variety of AWS event sources and event destinations.

Message publishing enables you to send data, in the form of messages, to an HAQM SNS topic which delivers the messages asynchronously to the applications that are subscribed to the topic. You can publish from 1 to 10 messages per API request. You may choose to batch messages together to reduce your HAQM SNS costs. Each message can contain up to 256KB of data. If your use case requires larger data payloads, the HAQM SNS Extended Client Library stores the payload (up to 2GB) in an HAQM S3 bucket and publishes the reference of the stored HAQM S3 object to the HAQM SNS topic.

Message filtering empowers your subscriber applications to create filter policies, so that these applications can receive only the notifications that they are interested in, as opposed to receiving every message published to the topic. This enables you to simplify your architecture, offloading the message filtering logic from subscriber applications as well as the message routing logic from publisher applications.

When you publish a message to a topic, HAQM SNS replicates and delivers the message to applications subscribed to the topic. HAQM SNS supports application-to-application (A2A) and application-to-person (A2P) message delivery. HAQM SNS also supports cross-region and cross-account message delivery, in addition to message delivery status logging with HAQM CloudWatch.

HAQM SNS uses a number of mechanisms that work together to provide message durability. To start, published messages are stored across multiple, geographically-separated servers and data centers. If a subscribed endpoint isn't available, HAQM SNS executes a message delivery retry policy. To preserve any messages that aren't delivered before the delivery retry policy ends, you can use a dead-letter queue powered by HAQM SQS. Moreover, you can subscribe HAQM Kinesis Data Firehose delivery streams to HAQM SNS topics, which allows messages to be sent to durable endpoints such as HAQM S3 buckets or HAQM Redshift tables.

HAQM SNS provides encrypted topics to protect your messages from unauthorized and anonymous access. When you publish messages to encrypted topics, HAQM SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued with AWS Key Management Service (KMS). The messages are stored in encrypted form, and decrypted as they are delivered to subscribing endpoints, such as HAQM SQS queues, HAQM Kinesis Data Firehose streams, AWS Lambda functions, HTTP/S endpoints, phone numbers, mobile apps, and email addresses.

HAQM SNS supports VPC Endpoints (VPCE) via AWS PrivateLink. You can use VPC Endpoints to privately publish messages to HAQM SNS topics, from an HAQM Virtual Private Cloud (VPC), without traversing the public internet. This feature brings additional security, helps promote data privacy, and aligns with assurance programs. When you use AWS PrivateLink, you don’t need to set up an Internet Gateway (IGW), Network Address Translation (NAT) device, or Virtual Private Network (VPN) connection. You don’t need to use public IP addresses, either.

HAQM SNS message data protection empowers topic owners to define data protection policies that can discover and protect sensitive data that is transmitted via their topics. This can help you to simplify your architecture by offloading data protection logic from your applications, while helping support your compliance objectives, for example, with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Privacy Regulation (GDPR), Payment Card Industry Compliance (PCI), and Federal Risk and Authorization Management Program (FedRAMP). You can audit messages that are inbound to a topic to determine how much sensitive data they contain, prevent them from being delivered to downstream subscribers via blocking, or de-identify specific data in the payload via redaction or masking.

For Standard topics, HAQM SNS provides a direct connection to HAQM Kinesis Data Firehose, allowing message storage in services such as HAQM S3, HAQM Redshift, HAQM OpenSearch Service, and MongoDB. This feature also enables message storage in analytics services, such as Datadog, New Relic, and Splunk. For FIFO topics, HAQM SNS offers an in-place option to store and replay your messages, without the need to provision a separate archival resource. This improves the durability of your event-driven applications, and can help you recover from downstream failure scenarios.

HAQM SNS supports the ability to send SMS text messages at scale to 200+ countries, using a highly available and durable service, with redundancy across multiple SMS providers. With HAQM SNS, you are be able to control your originating identity by using a sender ID, long codes, or short codes. Moreover, you can use the HAQM SNS sandbox to validate your SMS workloads before moving them to production.

HAQM SNS mobile notifications make it simple and cost effective to fan out mobile push notifications to iOS, Android, Fire, Windows, and Baidu devices. Mobile notifications can be triggered from user-driven actions or business logic. HAQM SNS delivers mobile push notifications through HAQM Device Messaging (ADM), Apple Push Notification Service (APNs), Baidu Cloud Push (Baidu), Firebase Cloud Messaging (FCM), Microsoft Push Notification Service for Windows Phone (MPNS), and Windows Push Notification Services (WNS).

HAQM SNS supports the delivery of notifications to email addresses subscribed to topics. This feature supports a variety of use cases. For example, you can use HAQM SNS to receive application alerts, as email notifications, to bring visibility into your DevOps workflows. Thus, you can be notified immediately when an event occurs, such as a specific change to your HAQM EC2 Auto Scaling group, or a new file uploaded to your HAQM S3 bucket, or a metric threshold breached in HAQM CloudWatch.