Skip to main content

Amazon Simple Notification Service Connector

The Amazon Simple Notification Service (SNS) Connector is an outbound Connector that allows you to connect your BPMN service with Amazon Simple Notification Service (SNS) to send messages.

Prerequisites​

To use the Amazon SNS Connector, you need to have an SNS Topic, IAM key, and secret pair with the sns:Publish policy relative to your SNS.

note

Use Camunda secrets to avoid exposing your AWS IAM credentials as plain text. Refer to an appendix entry and the SNS Developer Guide to learn more.

Create an Amazon SNS Connector task​

To use the Amazon SNS Connector in your process, either change the type of existing task by clicking on it and using the wrench-shaped Change type context menu icon, or create a new Connector task by using the Append Connector context menu. Follow our guide to using Connectors to learn more.

Make your Amazon SNS Connector for sending messages executable​

To make your Amazon SNS Connector for sending messages executable, take the following steps:

  1. Choose an applicable authentication type from the Authentication dropdown. Learn more about authentication types in the related appendix entry.
  2. Set the relevant IAM key and secret pair in the Authentication section. For example, {{secrets.MY_AWS_ACCESS_KEY}}. The value can be plain text, but this is not recommended due to security concerns.
  3. In the Topic Properties section, set the topic ARN of your SNS topic as well as its region.
  4. In the Input message data section, fill out the field Message with the data you would like to publish to the topic. The field requires FEEL input.
  5. (Optional) In the Input message data section, fill out the field Message attributes to set optional message metadata. This field requires FEEL input. Refer to the relevant appendix section to find out more about this field.
  6. (Optional) In the Input message data section, fill out the field Subject to set optional message subject. FEEL input of the field is optional. Length must be less than 100 characters.
  7. (FIFO only) For a FIFO type topic in Amazon SNS, a Message Group ID is required. This ID ensures that messages within the same group are delivered in sequence. The Amazon SNS documentation on FIFO topics provides more details on Message Group ID usage. Additionally, an optional Message Deduplication ID can be provided. This is useful for message deduplication in FIFO topics and its necessity depends on the deduplication settings of your SNS FIFO topic. The Message Deduplication ID helps ensure Amazon SNS does not resend the same message within the deduplication interval.

Amazon SNS Connector response​

The Amazon SNS Connector returns the SNS message identifier of a newly created message. The response contains a messageId variable.

You can use an output mapping to map the response:

  1. Use Result Variable to store the response in a process variable. For example, myResultVariable.
  2. Use Result Expression to map fields from the response into process variables. For example:
= {
"createdMessageID": response.messageId
}

Appendix & FAQ​

What are the message attributes and how can I set them?​

Amazon SNS lets you include structured metadata (such as timestamps, geospatial data, signatures, and identifiers) with messages using message attributes. The Amazon SNS Connector allows you to include non-binary message attributes in the Input message data section. The message attribute value must be composed to be compliant with Amazon SNS message attribute data format.

Example of a valid message attribute as a FEEL value:

= {
"timestamp":{
"StringValue":today(),
"DataType":"String"
},
"messageSubmittedBy":{
"StringValue":"user12345",
"DataType":"String"
}
}

How do I store AWS IAM secrets for my SNS Connector?​

Use Camunda secrets to avoid exposing your AWS IAM credentials. Follow our documentation on managing secrets to learn more.

AWS authentication types​

There are two options to authenticate the Connector with AWS:

  • Choose Credentials in the Authentication dropdown if you have a valid pair of access and secret keys provided by your AWS account administrator. This option is applicable for both SaaS and Self-Managed users.
  • Choose Default Credentials Chain (Hybrid/Self-Managed only) in the Authentication dropdown if your system is configured as an implicit authentication mechanism, such as role-based authentication, credentials supplied via environment variables, or files on target host. This option is applicable only for Self-Managed or hybrid distribution. This approach uses the Default Credential Provider Chain to resolve required credentials.