I'm hoping to find out if there is any way to encrypt message content from SNS to Lambda? My use case is that I am Publishing JSON content using AWS SDK to a SNS Topic which contains a Subscription using the Lambda protocol to send the content to a Lambda function.
I haven't been able to find any real detail regarding how the Lambda protocol works but I believe it is not encrypting the message content.
I know that I can use a KMS key or whatever to encrypt the content prior to Publishing to the topic but does anyone know of a way to set up SNS or the Lambda subscription to get encryption happening automatically?
Thanks!
As asdfg mentioned, SNS payloads are not automatically encrypted (although they are signed).
You can encrypt the SNS message body yourself if you wish.
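One way to encrypt the message body yourself, shown as an added example that is not part of the original answers: the publisher envelope-encrypts the JSON with AES-256-GCM and the Lambda handler decrypts it from the SNS event. The in-memory `MASTER_KEY` is an assumption standing in for a KMS key (in AWS the wrap and unwrap steps would be KMS GenerateDataKey and Decrypt calls), and the topic ARN and payload are constructed.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// ASSUMPTION: stand-in for a KMS key. In AWS, wrapping and unwrapping the
// data key would be KMS GenerateDataKey / Decrypt calls, not a local key.
const MASTER_KEY = randomBytes(32);

// AES-256-GCM seal: output is base64(iv || tag || ciphertext).
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Inverse of seal; throws if the ciphertext, tag or AAD was altered.
function open(key, blob, aad) {
  const buf = Buffer.from(blob, 'base64');
  const d = createDecipheriv('aes-256-gcm', key, buf.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(buf.subarray(12, 28));
  return Buffer.concat([d.update(buf.subarray(28)), d.final()]);
}

// Publisher side: returns the string to pass as the SNS Message.
// The topic ARN is bound in as AAD so the envelope is only valid on that topic.
function encryptForTopic(payload, topicArn) {
  const dataKey = randomBytes(32); // fresh data key per message
  const aad = Buffer.from(topicArn);
  return JSON.stringify({
    v: 1,
    wrappedKey: seal(MASTER_KEY, dataKey, aad),
    body: seal(dataKey, Buffer.from(JSON.stringify(payload)), aad),
  });
}

// Lambda side: handler for the event shape Lambda receives from SNS.
function handler(event) {
  return event.Records.map(({ Sns }) => {
    const env = JSON.parse(Sns.Message);
    const aad = Buffer.from(Sns.TopicArn);
    const dataKey = open(MASTER_KEY, env.wrappedKey, aad);
    return JSON.parse(open(dataKey, env.body, aad).toString('utf8'));
  });
}

// Constructed sample: topic ARN and payload are made up for the demo.
const TOPIC = 'arn:aws:sns:us-east-1:123456789012:example-topic';
const message = encryptForTopic({ orderId: 42, note: 'confidential' }, TOPIC);
const event = { Records: [{ Sns: { TopicArn: TOPIC, Message: message } }] };
console.log(handler(event));
```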
Related
Hi I am developing an application in Java that parses documents using AWS Textract. For multipage parse I use the startDocumentAnalysis method available on the textract client. This client then responds with a jobId and the jobId is placed on the sqs queue along with its completion status. I had a personal account previously and managed to get all of it working so a process reads messages from the queue and then get the result of the parse using:
GetDocumentAnalysisRequest documentAnalysisRequest = GetDocumentAnalysisRequest.builder().jobId(jobId)
.maxResults(maxResults).nextToken(paginationToken).build();
Now I have to do that on my company's AWS account and I have retraced my steps and everything works except now when I go to pick up the messages from the queue, all the messages come back as [] i.e. empty array.
I use this code:
messages = sqsClient.receiveMessage(receiveMessageRequest).messages();
So I know the error can't be in the Java code because previously it worked.
I also know that I can upload to the new bucket and also do single page parses, so I know my credentials are correct.
I have created a topic on SNS and registered my SQS queue to it, but somewhere here there must be a permission or other configuration error. Maybe SNS and SQS are not talking to each other?
Wonder if anyone has any insights that could help me.
Thank you
I found the answer. It's all to do with the naming convention of the SNS topic. Explained in the documentation:
https://docs.aws.amazon.com/textract/latest/dg/api-async-roles.html
Step3 - Create an Amazon SNS topic. Prepend the topic name with AmazonTextract. Note the topic Amazon Resource Name (ARN). Ensure that the topic is in the same Region as the AWS endpoint that you're using.
Now that AWS Lambda supports sending responses directly to SNS without using the AWS API using the 'Destinations' feature, is it possible to include message attributes in the response? In particular in order to do message filtering (e.g. via a subscription filter policy). Something like this:
{ "Message" : "Hello World", "Accepted" : "true" }
We want SNS to look at the Accepted field and forward the message to the next step if true. It looks like this should be possible but I can't find any docs on exactly how to specify the message attributes on a response payload when using a lambda destination rather than the AWS API.
How do we format the lambda response payload so that an SNS attribute filter can operate on it, for a Lambda Destination -> SNS message?
In looking at the Lambda console and the Lambda documentation, I can't see a way to configure Lambda Destinations to include Message Attributes for Amazon SNS.
Instead, you could code the function itself to send a message to Amazon SNS, specifying the desired message attributes.
Now, SNS supports payload-based message filtering as well. Thus, you can filter the events coming from your Lambda functions. Check this out: https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-sns-payload-based-message-filtering/
I have a lambda function that notifies an SNS topic.
It currently sends an email each time I invoke the function so the lambda, the SNS piece and the email subscription are all working ok.
Now I want a Slack Integration.
I've created a channel called aws_int but I can't get it to receive the notification.
I am stuck on the need to 'verify the subscription'. I don't see how I would do this in the https connection to slack.
I don't understand how to do it manually using the console in aws because all the documentation keeps referring to using the 'Subscription Confirmation URL'
I can't find what that is.
I found a post talking about the JSON being invalid: Confirming AWS SNS Topic Subscription for Slack Webhook but I don't understand how I would use that, maybe I could use Postman but I am not sure exactly how to format that POST.
So how can I integrate Slack and aws for an SNS topic, specifically how can I do the confirmation (which is required in order to activate it). This has to be a common need!
If I use the hook URL I get
Everything I am trying is just stacking up more Pending Confirmations, which btw I cannot delete...
Here's my postman attempt...
You really DON'T need Lambda. Just SNS and SLACK are enough.
I found a way to integrate AWS SNS with slack WITHOUT AWS Lambda or AWS chatbot. With this approach you can confirm the subscription easily.
Follow the video, which shows all the steps clearly.
https://www.youtube.com/watch?v=CszzQcPAqNM
Steps to follow:
1. Create a Slack channel or use an existing channel.
2. Create a workflow, selecting Webhook.
3. Create a variable named "SubscribeURL". The name is very important.
4. Add the above variable in the message body of the workflow.
5. Publish the workflow and get the URL.
6. Add the above URL as a subscription of the SNS topic.
7. You will see the subscription URL in the Slack channel.
8. Follow the URL and complete the subscription.
9. Come back to the workflow and change the "SubscribeURL" variable to "Message".
10. Then publish the message in SNS. You will see the message in the Slack channel.
It doesn't look like there is a way to confirm an SNS subscription to a Slack endpoint (email, webhook, whatever). If you want to use SNS as a decoupling layer, you'll need to add a lambda into the system, which can handle the confirmation process.
Lambda -> webhook -> SNS -> Lambda -> webhook -> Slack
Confirming AWS SNS Topic Subscription for Slack Webhook has some more information about this.
I would recommend just using the Lambda to send a message to slack, either calling another dedicated lambda, or just internally to the original one. There's a good tutorial here. If you really want to use SNS, then you could use your original lambda to trigger SNS, then have a new slack-dedicated lambda subscribe to the SNS topic.
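A sketch of the check a confirmation-handling Lambda could run before it follows `SubscribeURL`, added here as an example and not taken from either answer above. The allowed topic ARN and the sample messages are constructed, the hostname rule assumes the standard `amazonaws.com` partition, and verifying the message signature is a separate step that is not shown.

```javascript
// ASSUMPTION: placeholder ARN; list the topics this endpoint should accept.
const ALLOWED_TOPICS = new Set(['arn:aws:sns:us-east-1:123456789012:alerts']);

// Returns { ok: true, confirmUrl } only when the confirmation request is for
// an expected topic and SubscribeURL really points at that region's SNS API.
function vetConfirmation(rawBody) {
  const fail = (reason) => ({ ok: false, reason });
  let msg;
  try { msg = JSON.parse(rawBody); } catch { return fail('not JSON'); }
  if (!msg || msg.Type !== 'SubscriptionConfirmation') return fail('wrong Type');
  if (!ALLOWED_TOPICS.has(msg.TopicArn)) return fail('unexpected topic');

  let url;
  try { url = new URL(msg.SubscribeURL); } catch { return fail('bad URL'); }
  const region = msg.TopicArn.split(':')[3];
  if (url.protocol !== 'https:' || url.hostname !== `sns.${region}.amazonaws.com`)
    return fail('SubscribeURL is not the SNS endpoint for this topic');

  // The query string must agree with the fields of the message itself.
  const q = url.searchParams;
  if (q.get('Action') !== 'ConfirmSubscription' ||
      q.get('TopicArn') !== msg.TopicArn || q.get('Token') !== msg.Token)
    return fail('URL does not match message fields');
  return { ok: true, confirmUrl: url.href };
}

// Constructed sample messages (token and ARN are made up).
const arn = 'arn:aws:sns:us-east-1:123456789012:alerts';
const good = JSON.stringify({
  Type: 'SubscriptionConfirmation', TopicArn: arn, Token: 'abc123',
  SubscribeURL: 'https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription' +
    `&TopicArn=${arn}&Token=abc123`,
});
const lookalike = JSON.stringify({
  Type: 'SubscriptionConfirmation', TopicArn: arn, Token: 'abc123',
  SubscribeURL: 'https://sns.us-east-1.amazonaws.com.example.net/?Action=' +
    `ConfirmSubscription&TopicArn=${arn}&Token=abc123`,
});
console.log(vetConfirmation(good), vetConfirmation(lookalike));
```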
I got some alarm notifications from AWS Cloudwatch to my email but they are usually sent in a JSON format and the problem is that some of those emails are getting received by non-technical people in my company. I was wondering if that is possible to customize the emails sent by AWS SNS because I don't see any option in how to customize it.
If you are using Cloudwatch/Event/Rules then you can use "Input transformer" to customize the contents of the email and then SNS will send that instead of JSON.
I am using this setup to get notified when user signs in AWS console.
In my case "Event Source" is "AWS Console Sign-in" but you can try with Cloudwatch and see if that gets you what you need.
See the screenshot, hope it helps.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatch-Events-Input-Transformer-Tutorial.html
https://forums.aws.amazon.com/thread.jspa?messageID=820808
You trigger a lambda function from your SNS topic, take the event and either send it via SNS or SES. SES supports sending HTML mails, SNS just plain text mails.
I normally do the following approach:
Alarm -> SNS -> Lambda -> SES (HTML)
> received by non-technical people in my company
I'd use a basic HTML template with buttons and nice looking text :-)
I created a post and a GitHub repository for that:
https://medium.com/#sandro_volpicella/how-to-customise-cloudwatch-alarm-notifications-with-lambda-ses-html-and-cdk-f0094b07fed6
https://github.com/AlessandroVol23/cloudwatch-custom-email-cdk
I don't think you can change the notifications from SNS sent via e-mail.
If you really need to customize them, you should look into SNS notifications via SES (Simple Email Service)
Is it possible to auto send/push the messages in Amazon SQS to DynamoDB? I wish to send my messages to SQS and for period of time I want to send this to DynamoDB. Another service should fetch the DynamoDB table and send it as email using SES.
Kindly help me out to achieve this. I will be using it for the User notification purpose from a Social networking site.
Thanks.
There is no AWS mechanism to automatically publish SQS messages to DynamoDB; but you can use an AWS Lambda event source mapping to automatically pull SQS messages and invoke a Lambda function, and it's pretty straightforward to write a Lambda function that writes those messages to DynamoDB. (Here's an example using Node.js: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/dynamodb-example-table-read-write.html.)
Yes I agree Hyangelo, you can do this with Simple Workflow Service (SWF).
SWF will give you a control feature over your application enabling you to distribute and execute different services or tasks when you want.
Here is the link to the documentation: http://aws.amazon.com/swf/
Sounds like a workflow system from how you describe what you want, have you considered Simple Workflow Service?
SQS can't be processed w/o pulling messages.
You can either use SWF to solve your use-case OR use SNS.
SNS<=>SQS binding is free by AWS.
Send your messages to SNS, bind your SNS with SQS & lambda-function.
On triggering lambda function - you can create dynamodb-record and send it to another SNS2.
Bind SNS2 <=> SES which will trigger the email.
Check out: https://aws.amazon.com/premiumsupport/knowledge-center/lambda-sns-ses-dynamodb/