Guided Lab: Creating an Amazon SNS HTTPS Subscription
Description
Amazon Simple Notification Service (SNS) is a fully managed messaging service that allows you to send notifications via multiple protocols, including email, email-JSON, and HTTPS. The HTTPS Subscription Protocol in Amazon SNS allows applications to receive notifications securely via HTTPS endpoints. This protocol is often used for systems requiring encrypted communication to ensure data integrity and confidentiality. When a message is published to an SNS topic, SNS sends a POST request to the subscribed HTTPS endpoint, making it ideal for applications like webhooks or other API integrations.
In this lab, you will create an SNS topic and set up an HTTPS subscription using an AWS Lambda Function URL to receive notifications.
Prerequisites
This lab assumes you have the following:
- Basic knowledge and understanding of AWS services, particularly Amazon SNS and AWS Lambda.
If you find any gaps in your knowledge, consider taking the following labs:
- Creating an Amazon SNS Standard Topic
- Amazon SNS Email Subscription
- Invoking Lambda functions through Function URL
Objectives
By the end of this lab, you will:
- Understand the purpose of HTTPS subscriptions in Amazon SNS.
- Learn how to configure an SNS topic with an HTTPS endpoint using a Lambda Function URL.
- Test the subscription by publishing a message directly to the SNS topic.
Lab Steps
Create an SNS Topic
1. Navigate to the Amazon SNS Console.
2. To create a topic, select Topics in the left sidebar, then click Create Topic. Use the following configuration:
- Choose the Standard type.
- Enter a name for the topic, such as TD-Topic.
- Click Create Topic.
Kindly ignore the “Couldn’t retrieve data protection policy” warning. You can safely finish this lab even without this policy.
Create a Lambda Function with a Function URL
1. Navigate to the Lambda service and select “Create function”.
2. Follow the configurations below:
- Function name: HTTPSNotificationHandler
- Runtime: Python 3.12
- Select Use an existing role and choose PlayCloud-Sandbox.
- Scroll down, tick Enable function URL, and set the following:
  - Auth type: None (for testing purposes; be sure to secure this in production).
4. Click “Create function”.
5. In the function code editor, replace the existing code with the following Python code example:
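import json

def lambda_handler(event, context):
    # Log the full Function URL event (headers and body) to CloudWatch Logs.
    print("Received SNS message:", json.dumps(event))
    # Any 2xx response tells SNS the delivery succeeded.
    return {
        'statusCode': 200,
        'body': 'Message received successfully'
    }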
Create an HTTPS Subscription Using the Lambda Function URL
1. In the Amazon SNS Console, go to Subscriptions in the left sidebar and click Create subscription. Configure the subscription with the following settings:
- Topic ARN: Choose the ARN of the TD-Topic created earlier.
- Protocol: Select HTTPS.
- Endpoint: Enter the Function URL from the Lambda function.
- Tick Enable raw message delivery.
- Click Create subscription.
Confirm the HTTPS Subscription
1. Check your Lambda function’s CloudWatch logs to verify that the subscription confirmation was received. Then, look for the SubscribeURL and copy it.
2. Select the subscription created earlier in the Amazon SNS console > Subscription, and click Confirm Subscription.
3. Paste the Function URL of your Lambda in the Confirm subscription text box. Click Confirm subscription.
4. You will receive a success confirmation notice.
- If you refresh the page, the status should have been updated to Confirmed.
Publish a Test Message to the Topic
1. In the SNS Console, go to the Topics section and select TD-Topic. Then, click on Publish message.
Kindly ignore the “Couldn’t retrieve data protection policy” warning. You can safely finish this lab even without this policy.
- Subject: “Test HTTPS Notification”
- Message body: “Hello from Tutorials Dojo Team Mabuhay!”
- Leave the rest as is, scroll down, and click Publish message.
2. Check your Lambda function’s CloudWatch logs again. Open the latest log stream. You should see a log entry containing the published message.
Congratulations! You have configured an HTTPS subscription protocol in Amazon SNS using a Lambda Function URL as the endpoint. By publishing a message directly in SNS, you verified that the message from SNS reached the Lambda function via HTTPS, demonstrating secure message delivery.
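A stricter variant of the lab's handler for a Function URL left at Auth type: None, added here as an example and not part of the original lab: it accepts only requests whose SNS headers name the expected topic, and it logs a SubscribeURL only when that URL points at an SNS host over HTTPS. The topic ARN is a placeholder, and because anyone who can reach the URL can set these headers, the checks filter stray traffic rather than authenticate SNS.

```python
import base64
import json
import re
from urllib.parse import urlparse

# Assumption: placeholder ARN; replace it with the ARN of your own topic.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:TD-Topic"
# SubscribeURL must resolve to a regional SNS endpoint, nothing else.
SNS_HOST = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com$")


def _reply(status, text):
    return {"statusCode": status, "body": text}


def lambda_handler(event, context):
    # Function URL events (payload format 2.0) carry lower-cased header names.
    headers = event.get("headers") or {}
    if headers.get("x-amz-sns-topic-arn") != EXPECTED_TOPIC_ARN:
        return _reply(403, "unexpected topic")
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        body = base64.b64decode(body).decode("utf-8", errors="replace")
    msg_type = headers.get("x-amz-sns-message-type")

    if msg_type == "SubscriptionConfirmation":
        try:
            envelope = json.loads(body)
            fields = envelope if isinstance(envelope, dict) else {}
            url = urlparse(str(fields.get("SubscribeURL", "")))
        except ValueError:  # malformed JSON or malformed URL
            return _reply(400, "malformed confirmation")
        # url.hostname ignores userinfo, so "sns...@other-host" is rejected.
        ok = (
            url.scheme == "https"
            and SNS_HOST.match(url.hostname or "") is not None
            and fields.get("TopicArn") == EXPECTED_TOPIC_ARN
        )
        if not ok:
            return _reply(400, "rejected confirmation")
        print("SubscribeURL:", url.geturl())
        return _reply(200, "confirmation logged")

    if msg_type == "Notification":
        # Raw delivery: the body is the published message, not a JSON envelope.
        print("SNS message:", json.dumps({"id": headers.get("x-amz-sns-message-id"), "body": body}))
        return _reply(200, "Message received successfully")

    return _reply(400, "unsupported message type")
```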
Key Takeaways:
- The HTTPS Subscription Protocol in Amazon SNS enables secure, encrypted notifications to HTTPS endpoints.
- Using a Lambda Function URL as an HTTPS endpoint allows you to receive and log SNS notifications in a serverless way.
- This configuration suits secure, event-driven architectures requiring reliable and structured message handling.
As a best practice, remember to delete any resources no longer in use, such as Lambda functions, SNS topics, and subscriptions, to maintain a clutter-free AWS environment.
Thank you for joining this lab, and happy learning!