Using Amazon SNS to send messages to end users for transactional services


Hi, we have to send text SMS to our end users using the Amazon AWS SNS service. As of now we are using Twilio, but we want to use one more service for it. I have created an account in AWS and sent a message to my mobile number, and it is getting delivered, so the prototype is done. Now the questions are:

  1. Does AWS support mTLS? As per my organization, if we are interacting with any third-party service then authentication should happen using mTLS. As far as I know, the AWS SDK uses TLS 1.2. Will this customization be possible? Or is there any workaround or any other security mechanism we can use? Instead of the SDK, can we use a REST endpoint to send messages?

  2. I am not able to check the DR of my message. When I read the documentation, I found I need to use CloudWatch for it.

Basically, we are not using AWS as of now. Our Java Spring Boot application is hosted in PCF. Is it possible to use only Amazon SNS, without other AWS services, for my requirement? If not, which services will we have to use? Also, is there a facility in AWS SNS through which it can send a delivery receipt for the message, or does it provide any REST endpoint which we can call? We have traffic of more than 2 million a month, so we want to know in great detail.

mTLS is mandatory. I read that Amazon APIGW supports mTLS, but we don't want to use it unless there is no other option; you can explain this flow as well. If this flow works, then my application will send the SMS to my APIGW, which will send it to the AWS APIGW, and then the message will go to SNS. Up to the AWS APIGW, communication will happen using mTLS. Please correct me if my understanding is incorrect.

Thanks in advance. Rohit

1 Answer

SNS does not support mTLS. Saying that, you still need to sign all requests to SNS using SigV4 using AWS credentials, which will tell the service who is calling it. It is not mTLS, but it does authenticate the client. You could use API Gateway in front of SNS. API Gateway does support mTLS. In this case your application will call API Gateway which will call SNS.

You do not need to use any other AWS service, except for IAM, in order to generate the IAM Role and get the AWS credentials needed to send the requests to SNS. Maybe also CloudWatch to monitor the usage of SNS.

Regarding delivery notifications, you can enable them to be sent to CloudWatch Logs as described here.

Uri (AWS, EXPERT), answered 2 months ago
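The SigV4 signing the answer refers to, applied to a direct HTTPS call to SNS without the SDK. This is an added example, not code from the answer or from AWS. It assumes the SNS Query API (`POST https://sns.<region>.amazonaws.com/`, `Action=Publish`, `Version=2010-03-31`); the function names are hypothetical, and `verify` is a simplified model of the check the receiving side performs.

```python
import hashlib
import hmac
from urllib.parse import urlencode

ALGO = "AWS4-HMAC-SHA256"

def _sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def _signature(secret_key, region, amz_date, headers, body):
    """SigV4 signature over a POST / request to the SNS endpoint."""
    names = sorted(headers)
    canonical_request = "\n".join([
        "POST", "/", "",                                # method, path, empty query string
        "".join(f"{n}:{headers[n]}\n" for n in names),  # canonical headers
        ";".join(names),                                # signed header names
        _sha256_hex(body),                              # hash of the exact body bytes
    ])
    scope = f"{amz_date[:8]}/{region}/sns/aws4_request"
    string_to_sign = "\n".join([ALGO, amz_date, scope, _sha256_hex(canonical_request)])
    # Derive the signing key: HMAC chain over date, region, service, terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, "sns", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return sig, scope, ";".join(names)

def sign_sns_publish(access_key, secret_key, region, amz_date, phone, message):
    """Return (url, headers, body) for a signed SNS Publish request."""
    host = f"sns.{region}.amazonaws.com"
    body = urlencode({"Action": "Publish", "Version": "2010-03-31",
                      "PhoneNumber": phone, "Message": message})
    headers = {"content-type": "application/x-www-form-urlencoded; charset=utf-8",
               "host": host, "x-amz-date": amz_date}
    sig, scope, signed = _signature(secret_key, region, amz_date, headers, body)
    auth = f"{ALGO} Credential={access_key}/{scope}, SignedHeaders={signed}, Signature={sig}"
    return f"https://{host}/", {**headers, "authorization": auth}, body

def verify(secret_key, region, headers, body):
    """Model of the receiving side: recompute and compare in constant time."""
    unsigned = {k: v for k, v in headers.items() if k != "authorization"}
    claimed = headers["authorization"].rsplit("Signature=", 1)[1]
    expected, _, _ = _signature(secret_key, region, headers["x-amz-date"], unsigned, body)
    return hmac.compare_digest(claimed, expected)

# Constructed sample values: AWS's documented example key pair and a fictional number.
URL, HEADERS, BODY = sign_sns_publish(
    "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
    "us-east-1", "20240101T120000Z", "+15555550100", "Your code is 123456")
```

The signature covers the body hash and the signed headers, so a request altered in transit or signed with a different secret fails the check; the secret key itself never travels in the request.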
