2.2.4. SNS Notifications and AWS User Notifications

💡 First Principle: An alert that reaches the wrong person at the wrong time is as bad as no alert. SNS is the notification bus that carries alerts from AWS services to humans and other systems. Understanding its delivery model — fan-out to multiple subscribers — is key to building reliable alerting architectures.

SNS Core Concepts:

Fan-out Pattern: One SNS message can trigger multiple actions simultaneously. This is a critical architecture pattern:

Message Filtering: Without filtering, every subscriber receives every message — including noise irrelevant to their role. A subscription filter policy is a JSON document that specifies attribute conditions. Only messages with matching attributes are delivered to that subscriber.

{
  "severity": ["CRITICAL", "HIGH"],
  "environment": ["production"]
}

AWS User Notifications is a newer service that provides a unified notification experience across AWS. It aggregates notifications from multiple AWS services (Health events, Security Hub findings, CloudWatch alarms) and delivers them to multiple channels (email, AWS Console mobile app, Slack, Chime) with a consistent format. Think of it as a managed notification hub that sits above individual service alerts.

⚠️ Exam Trap: SNS topics are regional — a topic in us-east-1 is separate from a topic in us-west-2. If you need cross-region alerting, either replicate the alarm configuration in each region or route events through EventBridge cross-region before publishing to SNS.

Reflection Question: Your team has 5 sub-teams, each responsible for different services. All alerts currently go to one SNS topic, and every engineer gets paged for every alert. How would you redesign the alerting architecture using SNS features?