Create an IAM user for sending SNS notifications

One of the recommended ways to send notifications with SNS is to create an IAM user (IAM is AWS Identity and Access Management).

This gives us a user with its own access keys whose permissions only allow it to send notifications, which offers us greater security.

The only requirement for creating this user is to have already created our SNS topic and to have noted its ARN. If you have not created it yet, you can follow the entry “Configure SNS to receive notifications”.

Access to the IAM console

The first step is always to access the AWS console.

Once inside, we search for “IAM” in the search bar to access the identity console.

Creating an IAM policy

Creating an IAM user to send with SNS, step 1

Once we are on the IAM welcome screen, we start creating a new policy by clicking on the “Policies” link in the menu on the left.

Since our user needs an attached policy that grants it permission, we create this policy first, so that the creation process is easier to follow.

Among the default IAM policies we can find predefined policies for most services, but we will define our own to restrict the user's access as much as possible.

Once on the policy screen, click on the “Create policy” button.

Creating an IAM user to send with SNS, step 2

When accessing the policy creation screen we will have two options:

  • Visual editor: to navigate through existing policies and choose the ones we want.
  • JSON: to directly indicate the permissions that we want to apply.

In our case, we go directly to the JSON tab, since we will enter the permissions that way. The policy document we must enter is the following:

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": "sns:Publish",
                 "Resource": "arn:aws:sns:eu-west-1:1836171893615:myTopic"
             }
         ]
     }

In the Resource element we must indicate the ARN of the topic that we are going to publish to.

Clicking on “Review policy” verifies that the policy we have entered is correct and takes us to the verification screen.

Creating an IAM user to send with SNS, step 3

The last step is to give the policy a name and a brief description; clicking on “Create policy” then creates our policy.

Create the user in IAM

Creating an IAM user to send with SNS, step 4

In the left menu we will see the different options, and we access the users tab by clicking on the “Users” link.

On the users screen we will see the active users (if any), and we can create a new user by clicking on the “Add user(s)” button.

On the user creation screen, we first enter the name we want the user to have and indicate that it will have programmatic access.

Creating an IAM user to send with SNS, step 5

With the basic user data entered, the next step is to add the permissions that the user will have. As we have already created a policy, we just have to indicate that our user must use it, and for that:

  • Click on the button “Attach existing policies directly”.
  • Use the search box to locate the policy that we have just created.
  • Mark the policy or policies that we want to add.

Creating an IAM user to send with SNS, step 6

Once finished, we click on the tags button to go to the tags screen.

Here we can add the tags that we want (this is optional) to identify the characteristics of that user.

Creating an IAM user to send with SNS, step 7

Once we finish, we click on the “Next: review” button.

The last step in creating the user is to review its configuration and click on the “Create user” button.

If everything went well, we will see a message indicating that the user has been created, and we can download or view the access keys used to connect as that user.

Creating an IAM user to send with SNS, step 9

After that, we can use this data to send SNS notifications.


Configure SNS to receive notifications

SNS (Simple Notification Service) is the Amazon Web Services product for sending notifications. If you want to know more about this service you can read this post about AWS SNS.

To be able to use this service we have to understand what topics and subscriptions are. In SNS we create communication channels (topics), to which those who want to receive the notifications (subscribers) connect. The concept is similar to mailing lists (which would be our topics) and the people who sign up to receive the emails (which would be the subscribers).

The main advantage of SNS is that we can connect all types of services to a notification channel. For example, we can do that with every notification:

  • An email or SMS is sent.
  • A GET or POST request is made to a remote server.
  • An AWS Lambda is run.

Set up a notification in SNS

Creating an SNS topic and a subscription (in our example, an email account) is very simple if we follow these steps:

First we access the AWS console, and from the Services drop-down menu we choose (or search for) SNS.

If we see the SNS welcome page, we click on “Get started” to access the work screen.

On the main screen, we select “Create topic” to create a new topic.

Now we must enter the name and a brief description (up to 10 characters) for our topic, and click on the “Create topic” button.

With our topic created, we have to add subscribers that will receive the messages that we send.

To do this, once inside our topic, we click on “Create subscription” to add a new subscriber.

When clicking, a window will open where we must indicate 3 options:

  • The AWS ARN for our topic (which is already filled in)
  • The way we want to receive notifications (we will choose Email)
  • The endpoint (for email, the mail account we want to send notifications to)

It is important to bear in mind that, if we have chosen email, we must confirm the email address by clicking on the link in the confirmation email sent to us. Until we do, we will not receive notifications and the subscription will appear as “PendingConfirmation”.

Our email account is awaiting confirmation.

We will receive an email similar to this, with a link to confirm the subscription.

When clicking on the confirmation link, it will take us to a page similar to the one above, where it will confirm that the process has gone well.

After refreshing the page, we will see our account confirmed, and we can receive notifications.

Send notifications to a topic

Once we have set up our topic to send notifications, we can see how it works by sending a test message.

To do this, in the configuration window of our topic, click on the “Publish to topic” button.

We will be asked for the subject of the notification and its content (we can indicate that it is raw and write any message); clicking on “Publish message” sends it to all subscribers.

In addition, we can use the AWS API for SNS to send messages to SNS programmatically from our programs, instances, Lambdas, etc.