Creating an Amazon VPC endpoint for Amazon SNS
To publish messages to your Amazon SNS topics from an Amazon VPC, create an interface VPC endpoint. Then, you can publish messages to your topics while keeping the traffic within the network that you manage with the VPC.
Use the following information to create the endpoint and test the connection between your VPC and Amazon SNS. Or, for a walkthrough that helps you start from scratch, see Publishing an Amazon SNS message from Amazon VPC.
Creating the endpoint
You can create an Amazon SNS endpoint in your VPC using the Amazon Web Services Management Console, the Amazon CLI, an Amazon SDK, the Amazon SNS API, or Amazon CloudFormation.
For information about creating and configuring an endpoint using the Amazon VPC console or the Amazon CLI, see Creating an Interface Endpoint in the Amazon VPC User Guide.
Important
You can use Amazon Virtual Private Cloud only with HTTPS Amazon SNS endpoints.
When you create an endpoint, specify Amazon SNS as the service that you want your VPC to connect to. In the Amazon VPC console, service names vary based on the region. For example, if you choose US East (N. Virginia), the service name is com.amazonaws.us-east-1.sns.
When you configure Amazon SNS to send messages from Amazon VPC, you must enable private DNS and specify endpoints in the format sns.us-east-2.amazonaws.com.
Private DNS doesn't support legacy endpoints such as queue.amazonaws.com or us-east-2.queue.amazonaws.com.
For information about creating and configuring an endpoint using Amazon CloudFormation, see the AWS::EC2::VPCEndpoint resource in the Amazon CloudFormation User Guide.
Testing the connection between your VPC and Amazon SNS
After you create an endpoint for Amazon SNS, you can publish messages from your VPC to your Amazon SNS topics. To test this connection, do the following:
- Connect to an Amazon EC2 instance that resides in your VPC. For information about connecting, see Connect to Your Linux Instance or Connecting to Your Windows Instance in the Amazon EC2 documentation.
  For example, to connect to a Linux instance using an SSH client, run the following command from a terminal:
  $ ssh -i ec2-key-pair.pem ec2-user@instance-hostname
  Where:
  - ec2-key-pair.pem is the file that contains the key pair that Amazon EC2 provided when you created the instance.
  - instance-hostname is the public hostname of the instance. To get the hostname in the Amazon EC2 console: choose Instances, choose your instance, and find the value for Public DNS (IPv4).
- From your instance, use the Amazon SNS publish command with the Amazon CLI. You can send a simple message to a topic with the following command:
  $ aws sns publish --region aws-region --topic-arn sns-topic-arn --message "Hello"
  Where:
  - aws-region is the Amazon Region that the topic is located in.
  - sns-topic-arn is the Amazon Resource Name (ARN) of the topic. To get the ARN from the Amazon SNS console: choose Topics, find your topic, and find the value in the ARN column.
  If the message is successfully received by Amazon SNS, the terminal prints a message ID, like the following:
  { "MessageId": "6c96dfff-0fdf-5b37-88d7-8cba910a8b64" }
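The following script is an added example, not code from the AWS page. It wraps the two procedures above as shell functions: creating the interface endpoint with the AWS CLI and private DNS enabled (using the com.amazonaws.<region>.sns service name), and then, from an instance inside the VPC, checking that the sns.<region>.amazonaws.com hostname resolves to a private address before publishing the "Hello" test message. It also includes a small check that rejects the legacy queue.amazonaws.com-style names that private DNS does not support. It assumes the AWS CLI is installed and credentialed; REGION, VPC_ID, SUBNET_IDS, SG_ID and TOPIC_ARN are placeholders you must set, and the security group in SG_ID is assumed to already allow inbound TCP/443 from the publishing instances, since only HTTPS endpoints are supported.

```shell
#!/bin/sh
# Added example, not from the AWS page. REGION, VPC_ID, SUBNET_IDS, SG_ID and
# TOPIC_ARN are placeholders you must set in the environment before running.

# Interface-endpoint service name for SNS in a region (com.amazonaws.<region>.sns).
sns_service_name() {
  printf 'com.amazonaws.%s.sns\n' "$1"
}

# Hostname that private DNS must resolve for that region (sns.<region>.amazonaws.com).
sns_endpoint_host() {
  printf 'sns.%s.amazonaws.com\n' "$1"
}

# Succeeds only for the supported sns.<region>.amazonaws.com form; legacy names
# such as queue.amazonaws.com or us-east-2.queue.amazonaws.com are rejected.
is_supported_sns_endpoint() {
  case "$1" in
    sns..amazonaws.com)    return 1 ;;   # empty region label
    sns.*.*.amazonaws.com) return 1 ;;   # extra label, not the documented form
    sns.*.amazonaws.com)   return 0 ;;
    *)                     return 1 ;;
  esac
}

# RFC 1918 check: with private DNS enabled, the SNS hostname resolved from inside
# the VPC should be an endpoint network-interface address, not a public one.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Create the interface endpoint with private DNS enabled. Only HTTPS is used, so
# the endpoint security group (sg_id) must admit TCP/443 from the publishers.
create_sns_endpoint() {
  region="$1" vpc_id="$2" subnet_ids="$3" sg_id="$4"
  # subnet_ids is intentionally unquoted: it is a space-separated list of IDs.
  aws ec2 create-vpc-endpoint \
    --region "$region" \
    --vpc-id "$vpc_id" \
    --vpc-endpoint-type Interface \
    --service-name "$(sns_service_name "$region")" \
    --subnet-ids $subnet_ids \
    --security-group-ids "$sg_id" \
    --private-dns-enabled
}

# Run from an EC2 instance inside the VPC: confirm private DNS resolves the SNS
# hostname to a private address, then publish a test message through it.
test_sns_endpoint() {
  region="$1" topic_arn="$2"
  host="$(sns_endpoint_host "$region")"
  ip="$(getent hosts "$host" | awk '{print $1; exit}')"
  if ! is_private_ipv4 "$ip"; then
    echo "$host resolved to $ip, which is not private: private DNS is not in effect" >&2
    return 1
  fi
  aws sns publish --region "$region" --topic-arn "$topic_arn" --message "Hello"
}

# Usage: sh this_script.sh create   (once, from any credentialed host)
#        sh this_script.sh test     (from an instance inside the VPC)
case "${1:-}" in
  create) create_sns_endpoint "$REGION" "$VPC_ID" "$SUBNET_IDS" "$SG_ID" ;;
  test)   test_sns_endpoint "$REGION" "$TOPIC_ARN" ;;
esac
```

The private-address check is the part worth keeping after the walkthrough: if the hostname still resolves to a public address from inside the VPC, traffic is leaving through an internet or NAT gateway rather than the endpoint, and the publish call "succeeding" proves nothing about the endpoint.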