SNS delivery status logging

0

I have an SNS topic that is subscribed by an HTTPS endpoint (e.g. https://event.pagerduty.com). Though I enabled delivery status logging, it is not logging the status of the delivery.

Per the AWS doc (https://docs.aws.amazon.com/sns/latest/dg/msg-status-sdk.html), it allows delivery status logging for a few: HTTP, Lambda, AWS app endpoint, SQS, Firehose. It does not mention HTTPS.

In this regard, I would like to know whether "message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint" is supported or not.

asked 21 days ago, 61 views
2 Answers
0

Amazon SNS supports delivery status logging for both HTTP and HTTPS endpoint types.

When setting Delivery status logging through the AWS CLI, you need to:

  • Configure IAM roles for successful and failed deliveries (HTTPSuccessFeedbackRoleArn and HTTPFailureFeedbackRoleArn attributes) that have permission to write logs to CloudWatch Logs. Have you checked this? See Prerequisites for delivery status logging.
  • Configure Success sample rate (HttpSuccessFeedbackSampleRate attribute) to a value greater than 0 to log successful deliveries.

Remember to look at the right log group, it must follow /aws/sns/<region>/<account-id>/<topic-name>.

AWS
answered 21 days ago
EXPERT
reviewed 21 days ago
  • Thanks Jesus for the info. I have provided more privileges to the SNS role that I created. I also have the following:

        delivery_status_logging = {
          http_success_feedback_role_arn    = aws_iam_role.sns_delivery_logging.arn
          http_success_feedback_sample_rate = 100
          http_failure_feedback_role_arn    = aws_iam_role.sns_delivery_logging.arn
        }

    The ARN of the log group dedicated for this purpose is the following: arn:aws:logs:us-east-1:<account_id>:log-group:/aws/sns/<log-group-name>

    #log-group-name is dedicated for this purpose alone.

    Though the notification is reaching the HTTPS endpoint, I don't see status logs created in the log group. I don't see any CloudTrail log showing any denied messages either.

    Update: The delivery status logging has been working, but it was not writing to the specific log-group (/aws/sns/...). Instead, it was creating a new one and writing there (sns/.....). Since I was searching for /aws/sns, it did not show up... Thanks for the support Jesus as I was alluding to believe that delivery status logging for https endpoint is not currently supported.
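
Added example, not part of the original thread and not AWS's own code: a Python check over a topic's attributes (shaped like the GetTopicAttributes result) and a list of CloudWatch log group names. It flags the settings discussed above and reports the log groups SNS itself creates, sns/<region>/<account-id>/<topic-name> with a /Failure sibling for failed deliveries. The function names and sample values are constructed for illustration.

```python
# Added example: diagnose SNS HTTP/S delivery status logging from topic attributes.
# Inputs mirror the SNS GetTopicAttributes map and a list of CloudWatch log
# group names. All sample values below are constructed.
ROLE_KEYS = ("HTTPSuccessFeedbackRoleArn", "HTTPFailureFeedbackRoleArn")


def expected_log_groups(topic_arn):
    """Return the log groups SNS writes delivery status to for this topic."""
    parts = topic_arn.split(":")
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "sns":
        raise ValueError(f"not an SNS topic ARN: {topic_arn!r}")
    base = f"sns/{parts[3]}/{parts[4]}/{parts[5]}"
    return {"success": base, "failure": base + "/Failure"}


def diagnose(attrs, log_group_names):
    """Explain why delivery status logs may appear to be missing."""
    problems = []
    for key in ROLE_KEYS:
        if not attrs.get(key):
            problems.append(f"{key} is not set")
    rate = str(attrs.get("HTTPSuccessFeedbackSampleRate", "0"))
    if not rate.isdigit() or int(rate) == 0:
        problems.append("HTTPSuccessFeedbackSampleRate is 0: successful deliveries are not logged")
    expected = expected_log_groups(attrs["TopicArn"])
    found = sorted(set(expected.values()) & set(log_group_names))
    # A hand-made /aws/sns/... group is the wrong place to search.
    misplaced = sorted(n for n in log_group_names if n.startswith("/aws/sns/"))
    if not found and misplaced:
        problems.append(f"{misplaced[0]} exists, but SNS writes to {expected['success']}")
    return {"problems": problems, "found": found, "expected": expected}


SAMPLE_ATTRS = {  # constructed
    "TopicArn": "arn:aws:sns:us-east-1:111122223333:pager-alerts",
    "HTTPSuccessFeedbackRoleArn": "arn:aws:iam::111122223333:role/sns-delivery-logging",
    "HTTPFailureFeedbackRoleArn": "arn:aws:iam::111122223333:role/sns-delivery-logging",
    "HTTPSuccessFeedbackSampleRate": "100",
}
SAMPLE_LOG_GROUPS = [  # constructed
    "/aws/sns/pager-alerts-status",
    "sns/us-east-1/111122223333/pager-alerts",
]

if __name__ == "__main__":
    import json
    print(json.dumps(diagnose(SAMPLE_ATTRS, SAMPLE_LOG_GROUPS), indent=2))
```

The /Failure group only appears after SNS has logged at least one failed delivery, so its absence from `found` is not a problem by itself.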

-1

Based on the information available, it appears that message delivery status logging for an Amazon SNS topic subscribed to an HTTPS endpoint is not explicitly supported.

Amazon SNS does offer delivery status logging for several types of endpoints, including HTTP, AWS Lambda, Amazon SQS, Amazon Kinesis Data Firehose, and platform application endpoints. However, HTTPS endpoints are not specifically mentioned in the list of supported protocols for delivery status logging.

The delivery status logging feature is designed to provide insights into message delivery operations, helping users determine whether a message was successfully delivered to an endpoint, identify the response from the endpoint to Amazon SNS, and measure message dwell time. These logs are sent to Amazon CloudWatch Logs for monitoring and troubleshooting purposes.

If you have enabled delivery status logging for your SNS topic but are not seeing logs for your HTTPS endpoint, it's likely because this specific endpoint type is not supported for delivery status logging.

To confirm this or explore potential workarounds, you may want to consider the following options:

  1. Double-check your logging configuration to ensure it's set up correctly for the supported endpoint types.
  2. Consider using an HTTP endpoint instead of HTTPS, if possible, as HTTP is explicitly mentioned as supported.
  3. Reach out to AWS Support for clarification on whether HTTPS endpoints are supported for delivery status logging, as the documentation may not be fully comprehensive.
  4. Explore alternative monitoring solutions or custom logging implementations if delivery status logging is crucial for your HTTPS endpoint.

Remember that while delivery status logging might not be available for HTTPS endpoints, you can still use other Amazon SNS features and best practices to manage and monitor your notifications effectively.
Sources
Amazon SNS message delivery status - Amazon Simple Notification Service
Configuring delivery status logging using the AWS SDKs - Amazon Simple Notification Service
Configuring delivery status logging using the AWS Management Console - Amazon Simple Notification Service

answered 21 days ago
