Questions tagged with Amazon Simple Notification Service (SNS)
Hello:
Is there any way of configuring SNS to send emails using the FROM MAIL domain configured and verified in SES?
I can send emails from SES with my own domain (verified FROM MAIL), but I don't see a way to tell SNS to use this FROM MAIL configuration for outbound emails.
I would appreciate any clarification.
I would like to give very specific, temporary permissions to a user/role to allow them to send an SMS, restricting the body template and the Sender ID.
I know I can do this in SES (https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendEmail.html), but is it possible with Pinpoint (or even SNS)?
Thanks for the help! :)
I'm setting up Mautic and using Amazon SES to send the emails via SMTP. I'm a little confused about how SES & SNS work together...what exactly does SNS do and why did I have to set it up when I created my account?
I was watching a tutorial on how to set up Amazon SES and because of that I created an SNS topic for (example):
cats.com
**I created the SNS topic for this domain though I'm not actually using it (read on below)**
----
**Later**, I changed my mind for which domain I want to send emails from so I verified another domain called (example):
dogs.com
**dogs.com has no SNS topic assigned**
I also verified the email that Mautic is setting as the "from" email address:
marketing.dogs.com
**marketing.dogs.com has no SNS topic assigned**
Yesterday I sent out a newsletter inside Mautic and then I started receiving a bunch of failure emails inside the marketing.dogs.com inbox...I'm aware that those are emails that failed to send for one reason or the other. Here are my questions, please help by answering them in point form because some are for my knowledge and some are to address the issue at hand:
#1 - Why did it send those failure emails to marketing.dogs.com?
#2 - How did it know to send the failure emails to marketing.dogs.com and not something like: emailfailures.dogs.com? (how do I set that?)
#3 - Why am I receiving these failure emails to begin with?
#4 - *I want to not receive any emails about bounces/complaints* etc inside the marketing.dogs.com mailbox. I see Mautic can handle bounces and complaints via a webhook created in SES, see here: https://docs.mautic.org/en/channels/emails/bounce-management#amazon-webhook but in all screenshots/tutorials I come across they have this part of the topic set up that does not exist for me:

So I am not sure how/why SES is sending failure emails to marketing.dogs.com mailbox (how does it know? does it just assume that "hey, you're the sender, so let me send back these failures to you")
Hello
I have been implementing what should be a fairly straight-forward integration with SNS to send mobile push notifications.
However, I have found 2 different sources from the docs [^1] and the blog [^2] that clearly state I have ignored some corner cases.
> It may be tempting to just call CreatePlatformEndpoint every time at app startup and call it good. In practice this method doesn’t give a working endpoint in some corner cases, such as when an app was uninstalled and reinstalled on the same device and the endpoint for it already exists but is disabled.
Looking at the provided examples, AWS recommend storing the platform endpoint ARN bound to the *current* device, but as I understand it, this cannot be stored in the device itself, since a malicious user may alter it and thus be granted access to another user's platform endpoint.
Nor could I store it in Dynamo (or another database), indexed by the device token, which could be changed by FCM.
What would be the recommended way to store the platform endpoint? Should I encrypt it with KMS and still store it on the end user device? Or maybe storing it in plain text is not as bad as I believe? Or did I misunderstand something about the way the device token is updated?
[^1]: https://docs.aws.amazon.com/sns/latest/dg/mobile-platform-endpoint.html
[^2]: https://aws.amazon.com/blogs/mobile/mobile-token-management-with-amazon-sns/
Is it possible to block countries for SMS sending in SMS settings (SNS service)?
Example - Russia and Belarus
As a part of increasing the AWS security score, I wish to set up a log metric filter and alarm for the following actions :-
1. Changes to network gateways
2. Route table changes
3. Changes to Network Access Control Lists (NACL)
4. Security group changes
5. VPC changes
6. Unauthorized API calls
7. Management Console sign-in without MFA
8. AWS Management Console authentication failures
9. CloudTrail configuration changes
10. IAM policy changes
11. S3 bucket policy changes
12. Disabling or scheduled deletion of customer-created CMKs
There is just one root user. I wish to estimate the cost of this operation. [PFA screenshot of failed controls](/media/postImages/original/IMLIP77JscTuCyktECxGF3sg)
To set the scene, we host a medium sized ecommerce website on AWS and use SES for sending out all of our emails - so order confirmations, invoices, order updates etc. The beginning of Feb our complaint rate shot up to 0.51% so we got put into special measures. In order to try and identify the problem I created a configuration set with two event destinations - one for Hard Bounces and one for Complaints. The destination for both was Standard SNS Topics with subscriptions that sent the notifications to email addresses. The SNS Topics are pretty much identical. The problem I have is that the Complaint one hasn't sent out a single email, but the Bounces one is working fine.
I'm hoping that somebody may have a suggestion as to what I've done wrong or why this might not be working. I'm not able to raise a technical support query as we don't have the support package - first time in 6 years that we've had an issue that we've not been able to solve ourselves.
Hi all,
As a **Security Requirement** we need to set up a **notification system** using **SNS** to notify our **Security Team** when someone accesses an AWS Account using a specific SSO PermissionSet, for example **AdministratorAccess**, as shown in the image below:

I'm trying to set up a simple **EventBridge Rule** based on the **IAM Identity Center** **Federate** Event on **CloudTrail** with an **SNS topic** as a target but I can't get it working.
**CloudTrail Event**:
```
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "Unknown",
    "principalId": "xxxx-43ce-996a-0530772c083a",
    "accountId": "xxxxxxxxxxx",
    "userName": "userName"
  },
  "eventTime": "2023-03-23T00:07:29Z",
  "eventSource": "sso.amazonaws.com",
  "eventName": "Federate",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "1.1.1.1",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0",
  "requestParameters": null,
  "responseElements": null,
  "requestID": "c99b-48ea-a9e4-fc2194bc0f27",
  "eventID": "415e-b57e-99764a0f0fdf",
  "readOnly": false,
  "eventType": "AwsServiceEvent",
  "managementEvent": true,
  "recipientAccountId": "xxxxxxxxxx",
  "serviceEventDetails": {
    "role_name": "AWSAdministratorAccess",
    "account_id": "xxxxxxxx"
  },
  "eventCategory": "Management"
}
```
The **EventBridge Event Pattern** is the following:
```
{
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["sso.amazonaws.com"],
    "eventName": ["Federate"]
  }
}
```
Could anyone help with how to get this working?
Thanks in advance
Hi, I think there may be an issue with MediaLive sending inconsistent "STARTING" and "ACTIVE" channel notifications. In Cloudwatch I have the following rule:
```
{
  "source": [
    "aws.medialive"
  ],
  "detail-type": [
    "MediaLive Channel State Change"
  ]
}
```
This sends a notification to my server via an SNS topic with a HTTPS subscription. It all works well and I am receiving messages for all of the state changes except "STARTING" and "RUNNING" which are very inconsistent. They sometimes get sent and sometimes don't, whereas all the other messages arrive quickly with 100% consistency. This also happens if I receive the notification via email. I can't think of any reason why a problem with my AWS configuration or web server would mean that channel "CREATED", "DELETED", "STOPPING" and "STOPPED" work fine but "STARTING" and "RUNNING" do not. Could this be a problem with AWS?
Here is an example of a successful notification from SNS:
```
{
  version: '0',
  id: '<id>',
  'detail-type': 'MediaLive Channel State Change',
  source: 'aws.medialive',
  account: '<account>',
  time: '2023-03-18T20:40:36Z',
  region: 'eu-west-2',
  resources: [ '<arn>' ],
  detail: {
    pipelines_running_count: 0,
    state: 'STOPPED',
    pipeline: '0',
    channel_arn: '<arn>',
    message: 'Stop detected on pipeline'
  }
}
```
Thanks
I had a Lambda function send a test message to an SNS topic to be emailed to two email addresses. It somehow created an infinite loop, and I'm getting 10-20 emails per minute. I deleted the Lambda function and the SNS topic, but the emails keep coming. The SNS topic's subscriptions to the two emails cannot be deleted because they are listed as "Pending confirmation". I tried deleting and unsubscribing them with CLI, but it says that it cannot delete or unsubscribe subscriptions that are "Pending confirmation." Any suggestions on how to stop these emails?
Hello,
I'm receiving an SNS notification after a run command (AWS_applypatchbaseline), but it contains only the instance ID and the run command result (failed, success...).
Example below:
```
{"commandId":"a55a64ed-b532-4cf0-a9fd-redacted","documentName":"AWS-ApplyPatchBaseline","instanceId":"mi-0529853redacted","requestedDateTime":"2023-03-09T10:00:07.38Z","status":"Failed","detailedStatus":"Failed","eventTime":"2023-03-09T10:19:54.568Z"}
```
I would like to translate this to instance name + run command **output** (where I can see installed KB).
Any directions on where I should look?
Campaign was rejected with the reason: "Use case and sample messages are inconsistent."
Our selected use case was TWO_FACTOR_AUTHENTICATION
Our sample message was: "Your SYSTEMNAME verification code is 123456. ..."
Am I misunderstanding the TWO_FACTOR_AUTHENTICATION use case? It seems like our sample message perfectly fits the definition to me.
Thanks