Amazon SNS (Pub/Sub Notifications)
Amazon SNS (Simple Notification Service) is a fully managed pub/sub (publish/subscribe) messaging service. One part of your system publishes a message to a topic, and SNS instantly pushes a copy of that message to every subscriber of that topic. SNS is the easiest way to take one event and “fan out” — deliver it to many independent consumers at once, like a Lambda function, an SQS queue, an HTTP endpoint, an email inbox, or a phone via SMS. It matters because it lets you decouple producers from consumers: the publisher never needs to know who is listening.
How SNS works: topics and subscribers
The core idea has three pieces:
- Topic — a named channel you publish messages to. It has an ARN (Amazon Resource Name, a unique ID for the resource) like
arn:aws:sns:us-east-1:123456789012:orders-topic. - Publisher — anything that sends a message to the topic (a Lambda, an app, another AWS service).
- Subscriber — an endpoint that receives a copy of every message. SNS supports several subscriber types.
| Subscriber type | Use it for | Needs confirmation? |
|---|---|---|
| Lambda | Run code on each message | No |
| SQS | Buffer messages durably for a worker | No |
| HTTP/HTTPS | Webhook to your own server | Yes |
| Email / Email-JSON | Human notifications, alerts | Yes |
| SMS | Text-message alerts to phones | No (but opt-in rules apply) |
SNS is push: when you publish, SNS immediately tries to deliver to every subscriber. This is “fire and forget” — the publisher gets back a message ID and moves on.
Gotcha: Because SNS pushes once, a subscriber that is momentarily down (an HTTP endpoint returning 500, a Lambda being throttled) can miss the message. SNS retries on a schedule, but for guaranteed durable delivery the standard pattern is SNS to SQS (see below) so each consumer reads from its own buffered queue at its own pace.
When to use SNS (and when not to)
Use SNS when one event needs to reach many independent consumers, or when you want to notify humans (email/SMS) or trigger several actions from a single event — for example, an “order placed” event that should update inventory, email the customer, and start a fulfillment workflow.
Don’t use SNS when you have one producer and one consumer that needs reliable, ordered, work-queue-style processing — that’s a job for Amazon SQS. Don’t use raw SNS alone when you cannot tolerate any missed messages; pair it with SQS.
Standard vs FIFO topics
| Feature | Standard topic | FIFO topic |
|---|---|---|
| Ordering | Best-effort | Strict order per group |
| Delivery | At-least-once (rare duplicates) | Exactly-once |
| Throughput | Nearly unlimited | 300 messages/sec (3,000 with batching) |
| Subscribers | Lambda, SQS, HTTP, email, SMS, mobile push | SQS FIFO and Standard only |
Use Standard for almost everything — notifications, fan-out, alerts. Use FIFO only when strict ordering and no duplicates matter, such as financial transactions. FIFO topics can only deliver to SQS queues.
Create a topic and subscribe (Console)
- Open the SNS console and choose Topics then Create topic.
- Pick Standard (or FIFO), name it
orders-topic, and choose Create topic. - On the topic page, choose Create subscription.
- Pick a Protocol (e.g.
Email), enter the Endpoint (e.g.[email protected]), and create it. - For email/HTTP, open the confirmation message and click Confirm subscription — the subscription stays
PendingConfirmationuntil you do.
Create a topic and subscribe (CLI)
# Create a Standard topic
aws sns create-topic --name orders-topicOutput:
{
"TopicArn": "arn:aws:sns:us-east-1:123456789012:orders-topic"
}# Subscribe an email address
aws sns subscribe \
--topic-arn arn:aws:sns:us-east-1:123456789012:orders-topic \
--protocol email \
--notification-endpoint [email protected]Output:
{
"SubscriptionArn": "pending confirmation"
}The subscriber must click the confirmation link in the email before any messages arrive. Then publish:
aws sns publish \
--topic-arn arn:aws:sns:us-east-1:123456789012:orders-topic \
--subject "New order" \
--message '{"orderId":"A-1001","total":42.50}'Output:
{
"MessageId": "f1d2a3b4-5c6d-7e8f-9012-3456789abcde"
}The SNS + SQS fan-out pattern
This is the durable, production-grade pattern. Instead of subscribing each consumer directly, you subscribe one or more SQS queues to the topic. SNS pushes each message into every queue, and each consumer drains its own queue at its own speed. If a consumer is down, its messages wait safely in the queue — nothing is lost.
# CloudFormation: topic + queue + subscription
Resources:
OrdersTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: orders-topic
InventoryQueue:
Type: AWS::SQS::Queue
Properties:
QueueName: inventory-queue
InventorySub:
Type: AWS::SNS::Subscription
Properties:
TopicArn: !Ref OrdersTopic
Protocol: sqs
Endpoint: !GetAtt InventoryQueue.Arn
RawMessageDelivery: trueYou also need a queue policy allowing the topic to send messages, and RawMessageDelivery: true strips the SNS envelope so consumers get the raw payload.
Tip: SNS pricing is cheap — the first 1 million publishes per month are free, then roughly $0.50 per million. SQS deliveries from SNS are free of SNS request charges. SMS is the costly one (often $0.006–$0.08 per message depending on country), so guard SMS topics carefully.
Best Practices
- Default to Standard topics; reserve FIFO for true ordering/dedup needs and remember it only delivers to SQS.
- For any consumer that must not miss messages, subscribe an SQS queue rather than a direct Lambda or HTTP endpoint.
- Enable a dead-letter queue (DLQ) on subscriptions so messages that fail repeatedly are captured instead of dropped.
- Use message filtering (subscription filter policies) so each subscriber only receives the message types it cares about.
- Encrypt sensitive topics with a KMS key (server-side encryption) and lock down publish/subscribe with IAM and topic access policies.
- Remember that email, HTTP/HTTPS subscriptions stay inactive until confirmed — verify the subscription status before relying on them.