How do I activate delivery status logging for Amazon SNS?

Short description

You can use delivery status logging to monitor and troubleshoot message delivery from Amazon SNS topics to subscribed endpoints. You can track successful deliveries, identify failures, and analyze delivery patterns through Amazon CloudWatch Logs.

To review the services that Amazon SNS provides logging for delivery status of notification messages, see Amazon SNS message delivery status.

Note: Amazon SNS doesn't support delivery status logging for email endpoints. To track email delivery, use Amazon Simple Email Service (Amazon SES) to monitor email sending activity.

Resolution

Attach the required permissions for delivery status logging

The AWS Identity and Access Management (IAM) role attached to the delivery status must include SNS permissions to write to CloudWatch Logs.

You can use an existing IAM role with permissions. If you use an existing IAM role, then make sure that you include permissions for the CreateLogGroup, CreateLogStream, and PutLogEvents CloudWatch APIs. Or, you can create a new IAM role, and then attach the following permissions to the role:

{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}

For more information, see Prerequisites for delivery status logging.

Activate delivery status logging for SNS topics

To activate delivery status logging for SNS topics, you can use the AWS Management Console, AWS SDKs, or AWS CloudFormation.

Activate delivery status logging for SMS messages

To activate delivery status logging for SMS messages, see How do I access Amazon SNS topic delivery logs for SMS messages?

View delivery status logs

Complete the following steps:

1. Open the CloudWatch console.
2. In the navigation pane, expand Logs, and then choose Log Management.
3. In the Filter log groups search box, search for the following log groups:
   For SNS topics, enter sns/your-region/your-account-id/your-topic-name.
   For SMS, enter sns/your-region/your-account-id/DirectPublishToPhoneNumber or sns/your-region/your-account-id/DirectPublishToPhoneNumber/Failure.
   For platform applications, enter sns/your-region/your-account-id/app/platform/application-name.
   Note: Replace your-region with your AWS Region, your-account-id with your AWS account ID, your-topic-name with your SNS topic name, and application-name with your application name.
4. Select the SNS log group that you want to view.
5. Verify that the log streams exist for your configured endpoint protocol.
6. Confirm that the log entries appear in CloudWatch Logs.

For more information, see View log data sent to CloudWatch Logs.

Troubleshoot delivery status logging issues

If delivery status logs don't appear in CloudWatch Logs after you activated logging, then take the following actions:

• Check the Success sample rate for the percentage of successful messages that you want to receive. If you set the success sample rate to 0%, then only failed deliveries are logged. Increase the sample rate to log successful deliveries.
• Verify that your CloudWatch Logs are in the same Region as your SNS topic.
• Make sure that Amazon SNS publishes your messages. SNS only creates delivery status logs when it publishes messages.
• It takes several minutes for log groups to appear in CloudWatch Logs. Refresh the CloudWatch console, and then check for the delivery status logs again.

Related information

How do I access Amazon SNS topic delivery logs for push notifications?