Amazon SNS topic tagging - Amazon Simple Notification Service

Amazon SNS topic tagging

Amazon SNS supports tagging of Amazon SNS topics. Tags can help you track and manage the costs associated with your topics, provide enhanced security in your Amazon Identity and Access Management (IAM) policies, and let you easily search or filter through thousands of topics. Tagging also enables you to manage your Amazon SNS topics using Amazon Resource Groups. For more information on Resource Groups, see the Amazon Resource Groups User Guide.

Tagging for cost allocation

To organize and identify your Amazon SNS topics for cost allocation, you can add tags that identify the purpose of a topic. This is especially useful when you have many topics. You can use cost allocation tags to organize your Amazon bill to reflect your own cost structure. To do this, sign up to have your Amazon account bill include the tag keys and values. For more information, see Setting Up a Monthly Cost Allocation Report in the Amazon Billing and Cost Management User Guide.

For example, you can add tags that represent the cost center and purpose of your Amazon SNS topics, as follows:

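| Resource | Key         | Value              |
|----------|-------------|--------------------|
| Topic 1  | Cost Center | 43289              |
|          | Application | Order processing   |
| Topic 2  | Cost Center | 43289              |
|          | Application | Payment processing |
| Topic 3  | Cost Center | 76585              |
|          | Application | Archiving          |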

This tagging scheme lets you group two topics performing related tasks in the same cost center, while tagging an unrelated activity with a different cost allocation tag.

Tagging for access control

Amazon Identity and Access Management supports controlling access to resources based on tags. After tagging your resources, provide information about your resource tags in the condition element of an IAM policy to manage tag-based access. For information on how to tag your resources using the Amazon SNS console or the Amazon SDK, see Configuring tags.

You can restrict access for an IAM identity. For example, you can restrict Publish and PublishBatch access to all Amazon SNS topics that include a tag with the key environment and the value production, while allowing access to all other Amazon SNS topics. In the example below, the policy restricts the ability to publish messages to topics tagged with production, while allowing messages to be published to topics tagged with development. For more information, see Controlling Access Using Tags in the IAM User Guide.

Note

Setting the IAM permission for Publish sets permission for both Publish and PublishBatch.

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": [
      "sns:Publish"
    ],
    "Resource": "arn:aws-cn:sns:*:*:*",
    "Condition": {
      "StringEquals": {
        "aws:ResourceTag/environment": "production"
      }
    }
  },
  {
    "Effect": "Allow",
    "Action": [
      "sns:Publish"
    ],
    "Resource": "arn:aws-cn:sns:*:*:*",
    "Condition": {
      "StringEquals": {
        "aws:ResourceTag/environment": "development"
      }
    }
  }]
}
```
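The following is an added example, not part of the AWS documentation or any AWS SDK: a simplified Python model of how the policy above resolves for topics with different tags. The `evaluate` and `condition_matches` helpers and the sample ARN are assumptions made for illustration; the model covers only this one identity policy and only the `StringEquals` operator on `aws:ResourceTag/<key>`.

```python
import json
from fnmatch import fnmatchcase

# The policy from this page, unchanged.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Deny", "Action": ["sns:Publish"], "Resource": "arn:aws-cn:sns:*:*:*",
   "Condition": {"StringEquals": {"aws:ResourceTag/environment": "production"}}},
  {"Effect": "Allow", "Action": ["sns:Publish"], "Resource": "arn:aws-cn:sns:*:*:*",
   "Condition": {"StringEquals": {"aws:ResourceTag/environment": "development"}}}
]}
""")
TAG_PREFIX = "aws:ResourceTag/"
SAMPLE_ARN = "arn:aws-cn:sns:cn-north-1:111122223333:orders"  # constructed value


def condition_matches(condition, tags):
    """Support only StringEquals on aws:ResourceTag/<key>; a missing tag never matches."""
    for operator, clauses in condition.items():
        if operator != "StringEquals":
            raise ValueError(f"unsupported operator in this sketch: {operator}")
        for key, expected in clauses.items():
            if not key.startswith(TAG_PREFIX):
                raise ValueError(f"unsupported condition key: {key}")
            allowed = expected if isinstance(expected, list) else [expected]
            # StringEquals is an exact, case-sensitive comparison of the tag value.
            if tags.get(key[len(TAG_PREFIX):]) not in allowed:
                return False
    return True


def evaluate(policy, action, arn, tags):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    # Per the note on this page, PublishBatch is governed by the Publish permission.
    if action == "sns:PublishBatch":
        action = "sns:Publish"
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if (action in stmt["Action"] and fnmatchcase(arn, stmt["Resource"])
                and condition_matches(stmt.get("Condition", {}), tags)):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    for tags in ({"environment": "production"}, {"environment": "development"},
                 {"environment": "Production"}, {}):
        print(tags, "->", evaluate(POLICY, "sns:Publish", SAMPLE_ARN, tags))
```

A topic that is untagged, or tagged `Production` with different capitalization, matches neither statement: it is not covered by the Deny, and publishing is refused only as long as no other policy allows `sns:Publish` on it.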

Tagging for resource searching and filtering

An Amazon account can have tens of thousands of Amazon SNS topics (see Amazon SNS Quotas for details). By tagging your topics, you can simplify the process of searching through or filtering out topics.

For example, you may have hundreds of topics associated with your production environment. Rather than having to manually search for these topics, you can query for all topics with a given tag:

```java
import com.amazonaws.services.resourcegroups.AWSResourceGroups;
import com.amazonaws.services.resourcegroups.AWSResourceGroupsClientBuilder;
import com.amazonaws.services.resourcegroups.model.QueryType;
import com.amazonaws.services.resourcegroups.model.ResourceQuery;
import com.amazonaws.services.resourcegroups.model.SearchResourcesRequest;
import com.amazonaws.services.resourcegroups.model.SearchResourcesResult;

public class Example {
    public static void main(String[] args) {
        // Query Amazon SNS Topics with tag "keyA" as "valueA"
        final String QUERY = "{\"ResourceTypeFilters\":[\"AWS::SNS::Topic\"],\"TagFilters\":[{\"Key\":\"keyA\", \"Values\":[\"valueA\"]}]}";

        // Initialize ResourceGroup client
        AWSResourceGroups awsResourceGroups = AWSResourceGroupsClientBuilder
            .standard()
            .build();

        // Query all resources with certain tags from ResourceGroups
        SearchResourcesResult result = awsResourceGroups.searchResources(
            new SearchResourcesRequest().withResourceQuery(
                new ResourceQuery()
                    .withType(QueryType.TAG_FILTERS_1_0)
                    .withQuery(QUERY)
            ));

        System.out.println("SNS Topics with certain tags are " + result.getResourceIdentifiers());
    }
}
```