90

Can you publish a message to an SNS topic using an AWS Lambda function backed by node.js?

Pat Myron
  • 4,437
  • 2
  • 20
  • 39
Gary Sharpe
  • 2,369
  • 8
  • 30
  • 51

3 Answers3

146

Yes, you could write a Lambda function that publishes to an SNS topic. The code running in Lambda has access to the full AWS SDK for Java or Javascript, whichever your function is using. You just need to make sure you give the IAM role executing the function access to publish to your topic. In Javascript:

console.log("Loading function");
var AWS = require("aws-sdk");

exports.handler = function(event, context) {
    var eventText = JSON.stringify(event, null, 2);
    console.log("Received event:", eventText);
    var sns = new AWS.SNS();
    var params = {
        Message: eventText, 
        Subject: "Test SNS From Lambda",
        TopicArn: "arn:aws:sns:us-west-2:123456789012:test-topic1"
    };
    sns.publish(params, context.done);
};

It is also possible to handle SNS messages using Lambda functions. You might take a look at the sns-message function blueprint, offered through the Create a Lambda function button on the Lambda console.

James
  • 11,721
  • 2
  • 35
  • 41
  • I am using Python, and I am trying to send a notification to `TargetArn`, but, I am getting an exception that the Lambda function does not have the permission to call SNS notification. Is this only possible with `TopicArn` or can we send Notification to indivial Endpoints using AWS LAmbda? – Parthapratim Neog Apr 14 '16 at 10:16
  • I have not tried it, but I believe you can send to particular endpoint if you have the EndpointArn from [create_platform_endpoint()](https://boto3.readthedocs.org/en/latest/reference/services/sns.html#SNS.Client.create_platform_endpoint), then call [publish()](https://boto3.readthedocs.org/en/latest/reference/services/sns.html#SNS.Client.publish) passing the EndpointArn in the TopicArn field. – James Apr 15 '16 at 16:18
  • 1
    Thanks for the response, I had the endpoint ARN, but my lambda function did not have permission to access SNS, then I found out that all I had to do was give him the access in The lambda function's role using amazon's IAM as mentioned in the first half of @kixorz answer. Then it worked fine. – Parthapratim Neog Apr 16 '16 at 05:40
  • @James is it possible to read and update existing topic's message data from node js ?? – redblood Sep 01 '16 at 12:04
  • @redblood, SNS Topics themselves are write-only. But you can subscribe a Lambda function to listen to the topic, then process messages sent to it. I recommend not using the same Lambda function to both write and subscribe to a topic, for fear of an endless loop. – James Sep 01 '16 at 15:46
65

First, you need to grant your Lambda IAM role permissions to publish to your SNS topic using proper IAM policy.

{
    "Action" : [
        "sns:Publish",
        "sns:Subscribe"
    ],
    "Effect" : "Allow",
    "Resource" : [
        { "Ref" : "<your SNS topic ARN>" }
    ]
}

Then you can use following code to SNS publish to your SNS topic from your other Lambda or Node.js code.

var message = {};
var sns = new AWS.SNS();
sns.publish({
    TopicArn: "<your SNS topic ARN>",
    Message: JSON.stringify(message)
}, function(err, data) {
    if(err) {
        console.error('error publishing to SNS');
        context.fail(err);
    } else {
        console.info('message published to SNS');
        context.succeed(null, data);
    }
});
adamkonrad
  • 6,794
  • 1
  • 34
  • 41
  • 6
    Why do you think you need the "sns:Subscribe" in your role? – Cristian Măgherușan-Stanciu Nov 15 '15 at 23:54
  • 1
    Well, I'm not a fan of too many restrictions. This allows me to use the same policy for both publishers and subscribers. In this particular case you're fine with just `sns:Publish`. – adamkonrad Nov 16 '15 at 00:36
  • 1
    needed to switch `.done` to `.succeed` but worked for me – Alex Moore-Niemi Feb 12 '17 at 19:16
  • 2
    Good on ya for mentioning the need for a policy, I was wondering what I did wrong. – Naguib Ihab Nov 08 '17 at 23:41
  • For my case, I would like to Only configure the Topic Arn value in IAM AWS permissions' policy JSON. I do Not want to reference the Topic Arn in the application's code. How can it be done? Thanks in advance. – crazyTech Aug 10 '22 at 14:15
  • 1
    @user1338998 The Topic ARN is required for the Publish method. You may want to store the ARN in the application configuration, environment variable or a parameter store and read it when the app is starting. – adamkonrad Aug 10 '22 at 21:41
  • 1
    +1 for mentioning the policy. If you want to allow any resource in your account to use the policy, modify the resource to just `"Resource": "arn:aws:sns:*:your-account-id:*"` – Metro Smurf Nov 28 '22 at 23:17
2

To send the SNS response into lambda use this:

await sns.publish({
    Message: snsPayload,
    MessageStructure: 'json',
    TargetArn: endPointArn}).promise()

(Answered here)

guneetgstar
  • 621
  • 7
  • 15