In the left-hand menu, select Topics to view a list of existing SNS topics. Click on a topic to explore its details, including Topic ARN, Access policy, Delivery status logging, and Subscriptions.
Subscriptions:
Click on Subscriptions to see a list of all active subscriptions. Each subscription provides details such as the Topic ARN, Protocol (e.g., HTTP, email, SQS), and Endpoint.
Applications:
Under Applications, explore the mobile push messaging configurations if your setup includes Amazon SNS mobile push notifications (e.g., for Android, iOS, or Kindle Fire).
3. Exploring the AWS Well-Architected Framework Pillars
For each topic, click on the Monitoring tab to review metrics like NumberOfMessagesPublished, NumberOfNotificationsDelivered, and NumberOfNotificationsFailed. Regularly monitoring these metrics helps you identify and address operational issues.
Delivery Status Logging:
Under Topic details, check if Delivery status logging is enabled. This logs the delivery status of messages, which is crucial for tracking and diagnosing operational issues.
Subscription Management:
Navigate to Subscriptions to ensure that endpoints are correctly configured and active. Regularly reviewing subscriptions helps you maintain efficient and uninterrupted message delivery.
Access Policy Management:
Within each topic's Access policy, review permissions to see which IAM roles, AWS services, or accounts can publish to the topic. Proper access management helps prevent unauthorized use and supports operational health.
Click on a topic, then go to the Access policy section to review its permissions. Ensure that the topic’s access policy follows the principle of least privilege, granting only necessary permissions to specific IAM users, roles, or AWS services.
Encryption:
In the Topic details section, check if Server-side encryption (SSE) is enabled for the topic. Encryption with an AWS Key Management Service (KMS) key ensures that your messages are protected both at rest and in transit.
Message Integrity:
Review the use of Message attributes to pass metadata securely with messages. For HTTPS endpoints, ensure proper validation of incoming messages to maintain data integrity.
Subscription Protocols:
In the Subscriptions section, review the Protocols used for endpoints (e.g., HTTPS, SQS, Lambda). Secure communication channels (such as HTTPS) should be used for transmitting sensitive information.
Review the Subscriptions section to check if Dead-Letter Queues (DLQs) are configured for endpoints. DLQs store messages that fail to deliver after a number of retries, enabling you to troubleshoot failures and ensure message reliability.
Message Delivery Retries:
In the Subscription details, explore the Retry policy for endpoints like HTTP/S. SNS automatically retries failed deliveries, but reviewing and tuning the retry policy helps optimize delivery reliability.
Monitoring and Alerts:
Use the Monitoring tab to track the status of message deliveries. Although configuring CloudWatch Alarms is not available with read-only access, you can suggest creating alarms for key metrics like NumberOfNotificationsFailed to maintain a reliable notification system.
Subscription Redundancy:
Ensure that critical notifications use multiple endpoints (e.g., email, SQS, Lambda) to increase redundancy in message delivery, reducing the risk of single points of failure.
Under the Monitoring tab for each topic, review metrics like NumberOfMessagesPublished and NumberOfNotificationsDelivered to monitor usage patterns. Identifying high-cost usage areas helps you optimize the number of notifications sent.
Efficient Protocols:
In the Subscriptions section, review the Protocol used for message delivery. For large-scale applications, use SQS or Lambda endpoints to manage notifications cost-effectively compared to more expensive options like SMS or email.
Consolidate Topics:
Where possible, consolidate multiple notifications into fewer topics to simplify management and potentially lower costs by avoiding excessive topic creation and access policies.
Evaluate Necessity of Features:
Review Delivery status logging settings to ensure that you are logging only necessary events. Reducing unnecessary logging can optimize costs related to CloudWatch Logs or Amazon S3.
Check if Message filtering is configured for topic subscriptions. Filtering allows subscribers to receive only relevant messages based on message attributes, improving the performance of your messaging system by reducing unnecessary processing.
Monitor Throughput:
Under the Monitoring tab, observe metrics such as NumberOfMessagesPublished and NumberOfNotificationsDelivered. Regular monitoring helps you identify performance bottlenecks and scale your endpoints appropriately.
Optimized Subscription Protocols:
In the Subscriptions section, review the Protocols used for delivering messages. Use protocols like SQS or Lambda for high-performance, low-latency message processing.
Mobile Push Notifications:
If using Applications for mobile push notifications, verify that platform application endpoints are correctly configured to optimize delivery performance to mobile devices.
Use CloudWatch Metrics (accessible through the Monitoring tab) to identify issues such as high failure rates. While you cannot set up alarms with read-only access, you can suggest creating CloudWatch Alarms for critical metrics.
AWS Config and Security Hub:
If AWS Config and AWS Security Hub are enabled, review compliance findings related to SNS configurations to ensure they adhere to security and operational best practices.