This post discusses some of the features of SNS. The notes on security are important for the exams.
SNS Security Features
All API calls made to SNS are validated for the user’s AWS ID and the signature.
Topics can only be created by users with valid AWS IDs who have signed up for SNS.
Only the owner of the topic can change permissions for that topic. A topic owner can set explicit permissions to allow others (with valid AWS ID) to publish to topic.
The owner can grant/revoke publish or subscribe permissions on a topic using the AddPermission and RemovePermission APIs.
SNS permits users with and without AWS IDs to receive notifications.
The owner of the topic can grant/restrict appropriate permissions (including conditional access) to subscribers using Access Control policies.
All API calls made to Amazon SNS will validate authenticity by requiring that requests be signed with the secret key of the AWS ID account and verifying the signature included in the requests.
To let subscribers verify that a message really comes from Amazon SNS, SNS publishes its public certificate to a well-known location and signs messages with the private key of that certificate.
SNS requires publishers with AWS IDs to validate their messages by signing messages with their secret AWS key; the signature is then validated by Amazon SNS.
Both publishers and subscribers can use SSL to help secure the channel to send and receive messages.
Publishers can connect to Amazon SNS over HTTPS and publish messages over the SSL channel.
Subscribers should register an SSL-enabled endpoint as part of the subscription registration, and notifications will be delivered over an SSL channel to that endpoint.
SNS Mobile Push Notifications
SNS Mobile Push lets you use SNS to deliver push notifications to Apple, Google, Fire OS, and Windows devices, as well as Android devices in China with Baidu Cloud Push.
With push notifications, an installed mobile application can notify its users immediately by popping a notification about an event, without opening the application. The notification appears on your device, and when you acknowledge it, the app launches to display more information. Users’ experiences are similar to receiving an SMS, but with enhanced functionality and at a fraction of the cost.
Push notifications can only be sent to devices that have your app installed, and whose users have opted in to receive them. SNS Mobile Push does not require explicit opt-in for sending push notifications, but iOS, Android and Kindle Fire operating systems do require it. In order to send push notifications with SNS, you must also register your app and each installed device with SNS.
SNS does not require you to modify your client app. However, Baidu Cloud Push requires Baidu-specific components to be added to your client code. When you publish a notification to a topic, SNS will send identical copies of that message to each endpoint subscribed to the topic. The publish will fail if it exceeds the maximum payload size imposed by the relevant push notifications platform.
Direct addressing allows you to deliver notifications directly to a single endpoint, rather than sending identical messages to all subscribers of a topic. This is useful if you want to deliver precisely targeted messages to each recipient. When you register device tokens with SNS, SNS creates an endpoint that corresponds to the token. You can publish to the token endpoint just as you would publish to a topic.
You can direct publish either the text of your notification, or a platform-specific payload that takes advantage of platform-specific features such as updating the badge count of your app. At this time, direct addressing is only supported for mobile push endpoints (APNS, GCM, ADM, WNS, MPNS, Baidu) and SMS. Email messaging requires the use of topics.
What is Time to Live (TTL)?
Some messages that you can send with SNS are relevant or valuable only for a limited period of time. SNS now allows you to set a TTL (Time to Live) value for each message. When the TTL expires for a given message that was not delivered and read by an end user, the message is deleted. TTL is specified in seconds and is relative to the time the Publish call is made.
You can specify a TTL using the console or via API. TTL can be specified at publish time for a message, using the message attribute below. There is a different attribute for each platform. An attribute specified for a platform is applicable only for notification deliveries to that platform. SNS uses a default Time to Live (TTL) of 4 weeks for all mobile platforms.
Some platforms treat TTL = 0 as a special case: they attempt to deliver the message immediately and otherwise let it expire. If you specify TTL = 0, SNS will relay your message to the appropriate service with TTL = 0 in order to take advantage of this special case.
Raw Message Delivery
By default, messages are delivered encoded in JSON that provides metadata about the message and topic. You can opt in to get your messages delivered in raw form, i.e. exactly as you published them. Raw message delivery can be enabled by setting the “RawMessageDelivery” property on the subscription. This property can be set from the Console, or by using the SetSubscriptionAttributes API.
Raw message delivery is supported with SQS and HTTP(S) endpoints. Deliveries to Lambda, email, and SMS endpoints behave the same regardless of the “RawMessageDelivery” property. When raw-formatted messages are delivered to HTTP(S) endpoints, the message body is included in the body of the HTTP POST.