--- title: Amazon SNS description: Amazon Simple Notification Service (SNS) breadcrumbs: Docs > Integrations > Amazon SNS --- # Amazon SNS ## Overview{% #overview %} Connect Amazon Simple Notification Service (SNS) to Datadog in order to: - Collect SNS CloudWatch metrics - Send Datadog alert and event notifications to SNS topics - Receive SNS messages as events in the Datadog Event Explorer ## Setup{% #setup %} ### Installation{% #installation %} If you haven't already, set up the [Amazon Web Services integration](https://docs.datadoghq.com/integrations/amazon_web_services/) first. ### Metric collection{% #metric-collection %} 1. In the [AWS integration tile](https://app.datadoghq.com/integrations/amazon-web-services), ensure that **Simple Notification Service (SNS)** is enabled under the **Metric Collection** tab. 1. Ensure that your [Datadog IAM policy](https://docs.datadoghq.com/integrations/amazon_web_services/#installation) has the permissions listed in the table below. | AWS Permission | Description | | -------------------------- | --------------------------------- | | `cloudwatch:ListMetrics` | Used to list active metrics. | | `cloudwatch:GetMetricData` | Used to fetch metric data points. | ### Event collection{% #event-collection %} #### Receive SNS messages{% #receive-sns-messages %} You can receive SNS messages in the Datadog Event Explorer through both the `HTTPS` and `Email` protocols. Using the `HTTPS` protocol allows you to automatically confirm the subscription with a webhook URL. Using the `Email` protocol requires a manual confirmation step for the email address that Datadog automatically generates for this purpose. Read the [Create Datadog Events from Amazon SNS Emails](https://docs.datadoghq.com/integrations/guide/events-from-sns-emails/) guide for more information. To receive SNS messages in the Datadog Event Explorer through `HTTPS`: 1. In the **Topics** section of the SNS Management console, select the desired topic and click **Create Subscription**. 1. Select `HTTPS` as the protocol and enter the following webhook URL, substituting `` with the value of any valid Datadog API key: ```text ## Datadog US site https://app.datadoghq.com/intake/webhook/sns?api_key= ## Datadog EU site https://app.datadoghq.eu/intake/webhook/sns?api_key= ``` 1. Leave **Enable raw message delivery** unchecked. 1. Click **Create subscription**. 1. In the Datadog Event Explorer, view events from your SNS topics using the search query `source:amazon_sns` or `topicname:`. #### Page a Datadog On-Call team from SNS{% #page-a-datadog-on-call-team-from-sns %} You can route SNS notifications to a specific [Datadog On-Call](https://docs.datadoghq.com/incident_response/on-call/) team by appending the `oncall_team` query parameter to the webhook URL. This is useful when forwarding CloudWatch alarms through SNS to page the right team in Datadog. To set this up, create an HTTPS subscription on your SNS topic using the following URL format: ```text ## Datadog US site https://app.datadoghq.com/intake/webhook/sns?api_key=&oncall_team= ## Datadog EU site https://app.datadoghq.eu/intake/webhook/sns?api_key=&oncall_team= ``` Replace `` with a valid Datadog API key and `` with the handle of the On-Call team you want to page (for example, `ops` or `database-oncall`). When Datadog receives the SNS message, it creates an event and pages the specified On-Call team. ##### Route different alarms to different teams{% #route-different-alarms-to-different-teams %} To page different On-Call teams for different alarms, create a separate SNS topic per team. Each topic gets its own Datadog subscription URL with the appropriate `oncall_team` value: | SNS Topic | `oncall_team` value | Paged team | | ----------------- | ------------------- | ------------------- | | `infra-alerts` | `infra` | Infra On-Call | | `database-alerts` | `database` | Database On-Call | | `app-alerts` | `application` | Application On-Call | Then configure each CloudWatch alarm (or any other SNS publisher) to send to the appropriate topic. ##### Example: CloudWatch alarm to Datadog On-Call{% #example-cloudwatch-alarm-to-datadog-on-call %} 1. Create an SNS topic (for example, `infra-alerts`). 1. Add an HTTPS subscription to that topic using the webhook URL with `&oncall_team=infra`. 1. In the CloudWatch console, create or edit an alarm. Under **Notification**, select `infra-alerts` as the target for the **In alarm** state. When the alarm triggers, CloudWatch publishes to the SNS topic, SNS forwards the message to Datadog, and Datadog pages the `infra` On-Call team. #### Send notifications to SNS{% #send-notifications-to-sns %} To send Datadog notifications to an SNS topic: 1. In the [AWS integration tile](https://app.datadoghq.com/integrations/amazon-web-services), ensure that **Simple Notification Service (SNS)** is enabled under the **Metric Collection** tab, and the region of your topic is enabled under the **General** tab. 1. Ensure that your [Datadog IAM policy](https://docs.datadoghq.com/integrations/amazon_web_services/#installation) has the permissions listed in the table below. For more information, see [Using identity-based policies with Amazon SNS](https://docs.aws.amazon.com/sns/latest/dg/sns-using-identity-based-policies.html) in the AWS documentation. | AWS Permission | Description | | ------------------------ | ------------------------------------------------------- | | `cloudwatch:ListMetrics` | Used to determine active regions. | | `sns:List*` | Used to list available topics. | | `sns:Publish` | Used to publish notifications (monitors or event feed). | 1. Install the [Datadog - Amazon SNS integration](https://app.datadoghq.com/integrations/amazon-sns). 1. Enter your SNS topic as a recipient in [monitor notifications](https://docs.datadoghq.com/monitors/notify/#notification-recipients) using the format `@`. ### Log collection{% #log-collection %} Amazon SNS does not generate native logs. If your applications or subscribers log the messages they send or receive through SNS, those logs can be routed through the Datadog Forwarder and collected like any other log data. #### Send logs to Datadog{% #send-logs-to-datadog %} 1. In the **Topics** section of the SNS Management console, select the desired topic and click **Create Subscription**. 1. Set **Protocol** to **AWS Lambda**. 1. For **Endpoint**, enter the ARN of your Datadog Forwarder Lambda. 1. Click **Create Subscription**. The Datadog Forwarder automatically confirms the subscription. 1. In the Datadog Log Explorer, view logs from your SNS topics using the search queries `source:sns` or `@Sns.TopicArn:`. ## Data Collected{% #data-collected %} ### Metrics{% #metrics %} | | | | | **aws.sns.dwell\_time**(gauge) | Time waited by a message before it was delivered.*Shown as millisecond* | | **aws.sns.number\_of\_messages\_published**(count) | Number of messages published.*Shown as message* | | **aws.sns.number\_of\_notifications\_delivered**(count) | Number of messages successfully delivered.*Shown as message* | | **aws.sns.number\_of\_notifications\_failed**(count) | Number of messages that SNS failed to deliver.*Shown as message* | | **aws.sns.number\_of\_notifications\_filtered\_out**(count) | The number of messages that were rejected by subscription filter policies. A filter policy rejects a message when the message attributes don't match the policy attributes.*Shown as message* | | **aws.sns.number\_of\_notifications\_filtered\_out\_invalid\_attributes**(count) | The number of messages that were rejected by subscription filter policies because the messages have no attributes.*Shown as message* | | **aws.sns.number\_of\_notifications\_filtered\_out\_no\_message\_attributes**(count) | The number of messages that were rejected by subscription filter policies. A filter policy rejects a message when the message attributes don't match the policy attributes.*Shown as message* | | **aws.sns.publish\_size**(gauge) | Size of messages published.*Shown as byte* | | **aws.sns.smssuccess\_rate**(gauge) | The percentage of successfully delivered sms.*Shown as percent* | Each of the metrics retrieved from AWS is assigned the same tags that appear in the AWS console, including host name, security-groups, and more. ### Events{% #events %} The Amazon SNS integration includes events for topic subscriptions. See the example event below: ### Service Checks{% #service-checks %} The Amazon SNS integration does not include any service checks. ## Troubleshooting{% #troubleshooting %} ### China region limitation{% #china-region-limitation %} Datadog does not support SNS notifications from Datadog to topics in China. ### Topic discovery{% #topic-discovery %} Datadog discovers SNS topics by calling the AWS `sns:ListTopics` API. If your Datadog IAM policy is missing the `sns:List*` permission, topics do not appear in Datadog for notifications or autocomplete. ### ARN-based identity{% #arn-based-identity %} Datadog identifies SNS topics by ARN, not by display name. If you recreate a topic with the same name, it receives a new ARN, and Datadog treats it as a new topic. Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).