AWS AUDITING, MONITORING AND NOTIFICATION SERVICES
AWS SNS
SNS is a fast, flexibility, fully managed push notification service
Its a web service that coordinates and manages the delivery or sending of messages (from the cloud) to subscribing endpoints or clients.
It allows for sending individual messages or fan-out messages to a large number of recipients or other distributed AWS services.
- Messages published to an SNS topics will be delivered to the subscribers immediately.
SNS allows you to:
- Send push messages ( not poll messages like SQS)
- Scale as your needs grow
- Engage audiences directly or all at once
- Deliver messages worldwide and across multiple transport protocols
- Easily connect with other AWS services such as Cloud Watch, SQS, Lambda, S3
- Message delivery analysis
- Usage based pricing
In Amazon SNS, there are two types of clients-publishers and subscribers- also referred to as producers and consumers
- Publishers communicate asynchronously with subscribers by producing and sending a message to a topic,
- Subscribers (web servers, email addresses, Amazon SQS, HTTP/S, email, SMS, Lambda, Application) when they are subscribed to the topic.
SNS Topic:
It is a logical access point and communication channel.
Each topic has a unique name
- A topic name is limited to 256 alphanumeric characters
- The topic name must be unique within the AWS account
- Each topic is assigned an AWS ARN (Amazon Resource Name) once it gets created
- A topic can support subscribers and notification deliveries over multiple protocols
Messages/requests to a single topic can be delivered over multiple protocols as configured when creating each subscriber
Delivery formats/transport protocols (end points)
- SMS
- Email-JSON
- HTTP/HTTPs
- SQS
- AWS Lambda
When using Amazon SNS, you create a topic and control access to it by defining access policies that determine which publishers and subscribers can communicate with the topic.
Instead of including a specific destination address in each message, a publisher sends a message to the topic. A publisher sends messages to topics that they have created or to topics they have permission to publish to.
- Amazon SNS matches the topic to alist of subscribers who have subscribed to that topic and delivers the message to each of those subscribers.
- Each topic has a unique name that identifies the Amazon SNS endpoint for publishers to post messages and subscribers to register for notifications.
- Subscribers receive all messages published to the topics to which they subscribe, and all subscribers to a topic receive the same messages.
SNS Reliability
Amazon SNS stores all topic and message information within Amazon’s proven network infrastructure and data centers.
- At least three copies of the data are stored across multiple availability zones,
This means that no single computer or network failure renders Amazon SNS inaccessible.
Securing messages to topics:
- All API calls made to Amazon SNS are validated for the users AWS ID and the signature.
- AWS recommends that users secure their data over the wire by connecting to the secure SSL end-points
Authenticating API Calls:
All API calls made to Amazon SNS will validate authenticity by requiring that:
- Request be signed with the secret key of the AWS ID account
- And verifying the signature included in the requests.
Amazon SNS require publishers with AWS IDs to validate their messages by singing messages with their secret AWS key; the signature is then validated by Amazon SNS.
SNS- Security- Publishing/Subscribers to an SNS Topic
- By default, only the topic owner can publish to the SNS topic
- The owner can set/change permissions to one or more users to publish to his topic
- Only the owner of the topic can grant/change permissions for the topic.
- Subscribers can be those with/without AWS IDs
Only subscribers with AWS ID can request subscriptions
- Both publishers and subscribers can use SSL to help secure the channel to send and receive messages.
SNS Mobile Push Notifications
SNS Mobile Push lets you use Simple Notification Service (SNS) to deliver push notifications to Apple, Google, Fire OS and Windows devices
With Push notifications, an installed mobile application can notify its users immediately by popping a notification about an event, without opening the application.
Push notifications can only be sent to devices that have your app installed, and whose users have opted in to receive them.
SNS Mobile Push does not require explicit opt in for sending push notifications, but IOS, Android and Kindly Fire operating systems do require it.
In order to send push notifications with SNS, you must also register your app and each installed device with SNS.
SNS Mobile Push Notifications
Supported push notification platforms: Currently, the following notifications platforms are supported:
- Amazon Device Messaging (ADM)
- Apple Push Notification Service (APNS)
- Google Cloud Messaging (GCM)
SNS Mobile Push Notifications
SNS topics can have subscribers from any supported push notifications platform, as well as any other endpoint type such as SMS or email.
When you publish a notification to a topic, SNS will send identical copies of that message to each endpoint subscribed to the topic.
AWS SNS & AWS CloudTrail
You can get the history for SNS API calls made to your account by enabling Cloudtrail
- Cloudtrail will delivery log files for your SNS API Calls
Cloudtrail logs will provide:
SNS API Caller
Source IP address
Time of the API call
Request parameters
Response elements returned by SNS
- This would be handy for security analysis, auditing, and operating/troubleshooting purposes
- Cloudtrail logs for SNS are available for authenticated API calls only.
This would be handy for security analysis, auditing, and operational/troubleshooting purposes.
Cloudtrail logs for SNS are available for authenticated API calls only.
In next blog, we will discuss much on other monitoring services.
Happy Day!
