1. What is SNS?

Amazon SNS is a fully managed publish/subscribe (pub/sub) messaging service. A publisher sends a message to a topic, and SNS delivers it to all subscribers of that topic simultaneously.

SQS vs SNS
SQS = queue (one consumer pulls messages). SNS = topic (many subscribers receive messages simultaneously). SQS = pull model. SNS = push model. SQS decouples 1-to-1. SNS fans out 1-to-many.

2. Key Characteristics

  1. Pub/Sub model: one message → many subscribers
  2. Up to 12.5 million subscriptions per topic
  3. Up to 100,000 topics per account
  4. Message size: up to 256 KB
  5. Push-based: SNS pushes messages to subscribers (no polling)

3. SNS Subscribers

4. SNS + SQS Fan-Out Pattern

Fan-Out Pattern:

Producer → SNS Topic
               |
          ┌─────┼─────┐
          |     |     |
        SQS-A SQS-B SQS-C
          |     |     |
      Consumer Consumer Consumer
      (email)  (process) (archive)

One event triggers multiple independent processing pipelines.
Each SQS queue processes independently. Failure in one doesn’t affect


5. SNS FIFO Topics

  1. Strict ordering by Message Group ID
  2. Exactly-once delivery (deduplication)
  3. Can ONLY have SQS FIFO queues as subscribers (not email, SMS, HTTP, Lambda)
  4. Topic name must end with .fifo
  5. Throughput: up to 300 publishes/sec (3,000 with batching)

6. Message Filtering

  1. SNS can filter messages before delivering to subscribers
  2. Each subscriber defines a filter policy (JSON) that matches message attributes
  3. Only messages matching the filter are delivered to that subscriber
  4. Without a filter policy, the subscriber receives ALL messages
  5. Reduces unnecessary message delivery and processing
Filter Policy Example:

Message attributes: { "eventType": "order_placed", "region": "us-east" }

SQS-Orders subscriber filter:  { "eventType": ["order_placed"] }     → receives ✓
SQS-Shipping subscriber filter: { "eventType": ["order_shipped"] }   → does NOT receive ✗
SQS-US subscriber filter:      { "region": ["us-east", "us-west"] } → receives ✓


7. SNS Security

  1. Encryption at rest: SSE-KMS. Encryption in transit: HTTPS.
  2. Access control: IAM policies + SNS resource policies (cross-account publishing/subscribing)
  3. S3 events can publish to SNS (bucket → SNS topic)
Exam Tip
SNS: "Fan-out to multiple consumers" = SNS + SQS Fan-Out. "Push notification" = SNS. "One message to many" = SNS topic. FIFO Topic subscribers: SQS FIFO only. Message Filtering = reduce unnecessary delivery. "Email alert on event" = SNS → Email. SNS + SQS Fan-Out is the #1 most tested integration pattern.