Apricate.dev

From Launch to Management: How to Handle AWS SNS Using Terraform

Deploying and Managing AWS SNS with Terraform

Amazon Simple Notification Service (SNS) is a fully managed messaging service that facilitates communication between distributed systems by sending messages to subscribers via various protocols such as HTTP/S, email, SMS, and AWS Lambda. By using Terraform, you can automate the creation, configuration, and management of SNS topics and subscriptions, integrating them seamlessly into your infrastructure-as-code (IaC) workflows.

This article will guide you through launching and managing AWS SNS with Terraform, and will also show you how to create a Terraform module for easier reuse and scalability.

Prerequisites

Before you start, ensure that you have:

  • An AWS Account with the necessary permissions to create and manage SNS topics and subscriptions.
  • Terraform Installed on your local machine.
  • AWS CLI Configured with your credentials.

Step 1: Set Up Your Terraform Project

Begin by creating a directory for your Terraform project:

mkdir sns-terraform
cd sns-terraform
touch main.tf

In the main.tf file, define the AWS provider:

provider "aws" {
  region = "us-east-1"  # Specify the AWS region
}

Step 2: Create and Manage an SNS Topic

Creating an SNS Topic

Define an SNS topic resource:

resource "aws_sns_topic" "example_topic" {
  name = "example-sns-topic"
  tags = {
    Environment = "Production"
    Team        = "DevOps"
  }
}

This creates an SNS topic named example-sns-topic, tagged for easier management.

Configuring Topic Attributes

You can manage additional attributes for your SNS topic, such as a display name or delivery policy:

resource "aws_sns_topic" "example_topic" {
  name         = "example-sns-topic"
  display_name = "Example SNS Topic"

  delivery_policy = jsonencode({
    defaultHealthyRetryPolicy = {
      minDelayTarget   = 20,
      maxDelayTarget   = 20,
      numRetries       = 3,
      backoffFunction  = "exponential"
    }
  })
}

Step 3: Add and Manage SNS Subscriptions

Subscriptions define the endpoints that receive messages from the SNS topic.

Email Subscription

resource "aws_sns_topic_subscription" "email_subscription" {
  topic_arn = aws_sns_topic.example_topic.arn
  protocol  = "email"
  endpoint  = "your-email@example.com"
}

SMS Subscription

resource "aws_sns_topic_subscription" "sms_subscription" {
  topic_arn = aws_sns_topic.example_topic.arn
  protocol  = "sms"
  endpoint  = "+1234567890"  # Replace with your phone number
}

Lambda Subscription

resource "aws_lambda_function" "example_lambda" {
  function_name = "exampleLambda"
  handler       = "index.handler"
  runtime       = "nodejs18.x"
  role          = aws_iam_role.lambda_exec_role.arn
  filename      = "lambda_function.zip"
}

resource "aws_sns_topic_subscription" "lambda_subscription" {
  topic_arn = aws_sns_topic.example_topic.arn
  protocol  = "lambda"
  endpoint  = aws_lambda_function.example_lambda.arn
}

resource "aws_lambda_permission" "allow_sns" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.example_lambda.function_name
  principal     = "sns.amazonaws.com"
  source_arn    = aws_sns_topic.example_topic.arn
}

Step 4: Manage SNS Access Control with IAM Policies

Control access to your SNS topic with IAM policies:

resource "aws_iam_role" "sns_publish_role" {
  name = "sns-publish-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Action    = "sts:AssumeRole",
      Effect    = "Allow",
      Principal = {
        Service = "sns.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_role_policy" "sns_publish_policy" {
  name   = "sns-publish-policy"
  role   = aws_iam_role.sns_publish_role.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Action   = "sns:Publish",
      Effect   = "Allow",
      Resource = aws_sns_topic.example_topic.arn
    }]
  })
}

Step 5: Apply the Terraform Configuration

With your SNS resources defined, apply the Terraform configuration:

  1. Initialize the project:
   terraform init
  1. Preview the changes:
   terraform plan
  1. Apply the configuration:
   terraform apply

Confirm the prompt to create the resources.

Step 6: Create a Terraform Module for SNS

To make your SNS setup reusable, you can create a Terraform module. Modules encapsulate reusable Terraform configurations, making them easier to manage and scale.

  1. Create a Module Directory:
   mkdir -p modules/sns
  1. Define the Module: Inside the modules/sns directory, create main.tf, variables.tf, and outputs.tf files.

main.tf: 

resource "aws_sns_topic" "sns_topic" {
  name = var.topic_name
  tags = var.tags
}

resource "aws_sns_topic_subscription" "sns_subscriptions" {
  count    = length(var.subscriptions)
  topic_arn = aws_sns_topic.sns_topic.arn
  protocol  = var.subscriptions[count.index].protocol
  endpoint  = var.subscriptions[count.index].endpoint
}

variables.tf:

variable "topic_name" {
  type        = string
  description = "Name of the SNS topic"
}

variable "subscriptions" {
  type = list(object({
    protocol = string
    endpoint = string
  }))
  description = "List of subscriptions"
}

variable "tags" {
  type        = map(string)
  description = "Tags for the SNS topic"
  default     = {}
}

outputs.tf: 

output "sns_topic_arn" {
  value = aws_sns_topic.sns_topic.arn
}
  1. Use the Module in Your Main Configuration: In your main main.tf file, call the module:
   module "sns" {
     source        = "./modules/sns"
     topic_name    = "example-sns-topic"
     subscriptions = [
       {
         protocol = "email"
         endpoint = "your-email@example.com"
       },
       {
         protocol = "sms"
         endpoint = "+1234567890"
       }
     ]
     tags = {
       Environment = "Production"
       Team        = "DevOps"
     }
   }

Step 7: Update and Destroy Resources

To update resources, modify the module inputs or other configurations and reapply:

terraform apply

To delete resources managed by the module, run:

terraform destroy

Amazon SNS Mobile Push Notifications, which is part of Amazon Simple Notification Service (SNS), allows you to send push notifications to mobile devices across multiple platforms, including Android, iOS, and others.

AWS SNS Mobile Push Notifications

With Amazon SNS Mobile Push Notifications, you can create platform applications for various push notification services like Apple Push Notification Service (APNs) for iOS, Firebase Cloud Messaging (FCM) for Android, and others. These platform applications can be managed using the aws_sns_platform_application resource in Terraform, as described in your original configuration.

Key Components

  • Platform Applications: These represent the push notification service you are using (e.g., APNs for iOS, FCM for Android).
  • Endpoints: These represent individual mobile devices registered with the platform application.
  • Messages: The notifications that you send to these endpoints.

Example Configuration for AWS SNS Mobile Push Notifications

Below is an example of setting up an SNS platform application for Android (using FCM) with Terraform:

resource "aws_sns_platform_application" "android_application" {
  name                             = "MyAndroidApp${var.environment}"
  platform                         = "GCM" # Use GCM for FCM
  platform_credential              = var.fcm_api_key # Your FCM API Key
  event_delivery_failure_topic_arn = aws_sns_topic.delivery_failure.arn
  event_endpoint_created_topic_arn = aws_sns_topic.endpoint_created.arn
  event_endpoint_deleted_topic_arn = aws_sns_topic.endpoint_deleted.arn
  event_endpoint_updated_topic_arn = aws_sns_topic.endpoint_updated.arn
}

resource "aws_sns_topic" "delivery_failure" {
  name = "sns-delivery-failure"
}

resource "aws_sns_topic" "endpoint_created" {
  name = "sns-endpoint-created"
}

resource "aws_sns_topic" "endpoint_deleted" {
  name = "sns-endpoint-deleted"
}

resource "aws_sns_topic" "endpoint_updated" {
  name = "sns-endpoint-updated"
}

Comparison with GCM/FCM

  • Google Cloud Messaging (GCM) / Firebase Cloud Messaging (FCM): This is Google’s platform for sending push notifications to Android devices. It requires a specific API key (token) for authentication.
  • Amazon SNS Mobile Push: SNS abstracts the differences between platforms (GCM/FCM, APNs, etc.) and provides a unified way to manage push notifications across multiple platforms using a single interface.

Benefits of AWS SNS Mobile Push Notifications

  1. Cross-Platform Support: Manage notifications across multiple mobile platforms (iOS, Android, Kindle, etc.) from a single service.
  2. Integration with AWS Services: Easily integrate with other AWS services like Lambda, CloudWatch, and IAM.
  3. Scalability: Automatically scales to support any number of notifications and endpoints.
  4. Event Logging: Monitor delivery statuses and other events using SNS topics and CloudWatch.

Conclusion

By combining Terraform’s power with AWS SNS, you can efficiently launch, manage, and automate your messaging infrastructure. The Terraform module further simplifies and standardizes the deployment, making it reusable and scalable across different environments. With this setup, you can easily integrate SNS into your infrastructure-as-code strategy, ensuring consistency and reliability in your cloud operations.

AWS SNS Mobile Push Notifications serves as the AWS counterpart to GCM/FCM, providing a powerful, scalable solution for managing push notifications to mobile devices. With Terraform, you can automate the setup and management of SNS platform applications, making it easier to handle push notifications within your AWS infrastructure.

Bohdan

, ,
, , , ,