Profile Applicability:
  • Level 2

Description:

Amazon Simple Notification Service (SNS) allows users to send messages or notifications to various endpoints such as email, HTTP/S, SMS, and Lambda functions. Creating SNS subscriptions ensures that notifications (e.g., from CloudWatch alarms or other AWS services) are delivered to the desired recipients or systems for timely action.

Rationale:

Creating SNS subscriptions helps ensure that the right individuals or systems receive critical alerts, notifications, and logs. By subscribing to specific SNS topics, organizations can automate responses to certain events (such as scaling EC2 instances or responding to CloudWatch alarms) or inform relevant stakeholders of important updates. This is a key part of maintaining real-time visibility and incident response capabilities.

Impact:

Pros:

  • Provides real-time notification capabilities for events and alarms

  • Allows seamless integration with a wide range of endpoints (email, SMS, Lambda, etc.)

  • Helps automate operational workflows and incident responses

  • Improves monitoring and operational awareness by notifying the right users or systems

Cons:

  • Misconfigured subscriptions can result in missing critical alerts or notifications

  • Potential costs associated with sending SMS or other notifications at scale

  • Overuse of SNS notifications may cause alert fatigue if not properly managed

Default Value:

By default, SNS subscriptions are not created. You must manually create subscriptions and ensure they are configured to deliver notifications to the appropriate endpoint.

Pre-requisites:

  • IAM permissions to create and manage SNS topics and subscriptions (e.g., sns:Subscribe, sns:Publish)

  • Understanding of the necessary endpoints to receive notifications (e.g., email addresses, Lambda functions, SMS numbers)

  • A defined strategy for managing and categorizing notifications (e.g., by severity level, application, or department)

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console

  2. Navigate to SNS > Topics

  3. Verify that SNS topics have been created for critical notifications and events

  4. Check that the proper subscriptions are created for each SNS topic

  5. Ensure that subscriptions are configured with correct endpoints (e.g., valid email addresses, correct Lambda functions)

  6. Test by triggering an SNS notification (e.g., by sending a test message) to confirm that the subscription delivers notifications as expected

Using AWS CLI:

List all SNS topics to verify which topics have subscriptions:

aws sns list-topics

Describe the subscriptions for a specific topic:

aws sns list-subscriptions-by-topic --topic-arn <topic-arn>

Verify the subscription's endpoint (email, Lambda, etc.):

aws sns get-subscription-attributes --subscription-arn <subscription-arn>
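The three CLI checks above can be run across every topic in one pass. The script below is an added example, not part of the benchmark text: it flags topics with no subscriptions, subscriptions still in PendingConfirmation, and endpoints that fall outside an approved allow-list. The allow-list patterns, the example.com domains and the sample data are constructed assumptions; the live path shells out to the same AWS CLI commands listed above.

```python
"""Audit SNS subscriptions: no subscribers, unconfirmed subscriptions, and
endpoints outside an approved allow-list (added example; data is constructed)."""
import json
import re
import subprocess

# Hypothetical allow-list: only endpoints matching one of these may receive alerts.
APPROVED_ENDPOINT_PATTERNS = [
    r"^[^@]+@example\.com$",                              # corporate mailboxes
    r"^arn:aws:lambda:[a-z0-9-]+:\d{12}:function:.+$",    # Lambda functions
    r"^https://alerts\.example\.com/.*$",                 # approved HTTPS receiver
]

# Constructed sample in the shape of `aws sns list-subscriptions-by-topic` output.
SAMPLE = {
    "arn:aws:sns:us-east-1:123456789012:ops-alerts": [
        {"SubscriptionArn": "arn:aws:sns:us-east-1:123456789012:ops-alerts:1a2b3c",
         "Protocol": "email", "Endpoint": "oncall@example.com"},
        {"SubscriptionArn": "PendingConfirmation",
         "Protocol": "email", "Endpoint": "newhire@example.com"},
        {"SubscriptionArn": "arn:aws:sns:us-east-1:123456789012:ops-alerts:4d5e6f",
         "Protocol": "https", "Endpoint": "https://hooks.example.net/x"},
    ],
    "arn:aws:sns:us-east-1:123456789012:unused": [],
}

def audit_topic(topic_arn, subscriptions):
    """Return (topic, issue, endpoint) findings for one topic's subscription list."""
    findings = []
    if not subscriptions:
        findings.append((topic_arn, "NO_SUBSCRIPTIONS", ""))
    for sub in subscriptions:
        endpoint = sub.get("Endpoint", "")
        # SNS returns the literal "PendingConfirmation" instead of an ARN until
        # the endpoint confirms, so alerts to it are silently dropped.
        if sub.get("SubscriptionArn") == "PendingConfirmation":
            findings.append((topic_arn, "PENDING_CONFIRMATION", endpoint))
        if not any(re.match(p, endpoint) for p in APPROVED_ENDPOINT_PATTERNS):
            findings.append((topic_arn, "UNAPPROVED_ENDPOINT", endpoint))
    return findings

def audit_all(subs_by_topic):
    """subs_by_topic: {topic_arn: [subscription dicts]} -> flat list of findings."""
    return [f for t, subs in subs_by_topic.items() for f in audit_topic(t, subs)]

def _aws(*args):
    """Run an AWS CLI sns subcommand and parse its JSON (needs credentials)."""
    return json.loads(subprocess.check_output(["aws", "sns", *args, "--output", "json"]))

if __name__ == "__main__":  # live audit of the current account/region
    topics = [t["TopicArn"] for t in _aws("list-topics")["Topics"]]
    data = {t: _aws("list-subscriptions-by-topic", "--topic-arn", t)["Subscriptions"] for t in topics}
    for topic, issue, endpoint in audit_all(data):
        print(f"{issue:22} {topic} {endpoint}")
```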

Implementation Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console

  2. Navigate to SNS > Topics

  3. Select the SNS topic to which you want to create a subscription

  4. Click Create subscription

  5. Choose the protocol (e.g., Email, SMS, Lambda, HTTP/S)

  6. Provide the endpoint for the subscription (e.g., an email address, Lambda ARN, phone number)

  7. Click Create subscription

  8. If using email or SMS, verify the subscription by following the instructions sent to the provided endpoint

Using AWS CLI:

Create an SNS subscription for an email endpoint:

aws sns subscribe --topic-arn <topic-arn> --protocol email --notification-endpoint <email-address>

Create an SNS subscription for an HTTP/S endpoint:

aws sns subscribe --topic-arn <topic-arn> --protocol https --notification-endpoint <https-endpoint-url>

Create an SNS subscription for a Lambda function:

aws sns subscribe --topic-arn <topic-arn> --protocol lambda --notification-endpoint <lambda-arn>

Confirm the subscription (for email or SMS) using the token from the verification link in the email/SMS sent to the endpoint:

aws sns confirm-subscription --topic-arn <topic-arn> --token <confirmation-token>

Backout Plan:

Using AWS Console:

  1. Navigate to SNS > Subscriptions

  2. Select the subscription to delete

  3. Click Delete to remove the subscription

  4. Confirm that any associated SNS notifications or integrations are not disrupted

Using AWS CLI:

Delete the SNS subscription:

aws sns unsubscribe --subscription-arn <subscription-arn>

Verify that the subscription was deleted:

aws sns list-subscriptions

References: