How to use IBM® App Connect with Amazon SNS

Amazon Simple Notification Service (SNS) is a publish/subscribe messaging service that allows you to publish messages to topics, add subscriptions for filtering, and deliver published messages to subscribers of those topics.

Availability:
  • App Connect connector
  • Local connector in containers (Continuous Delivery release)
  • Local connector in containers (Long Term Support Cycle-2 release)

Supported product and API versions

To find out which product and API versions this connector supports, see Detailed System Requirements on the IBM Support page.

Connecting to Amazon SNS

Complete the connection fields that you see in the App Connect Designer Connect > Applications and APIs page (previously the Catalog page) or flow editor. If necessary, work with your Amazon SNS administrator to obtain these values.

Amazon SNS authorization types and connection fields:

BASIC
Secret access key: The secret access key for your Amazon SNS account, as generated in the Security Credentials page in the AWS Management Console.
Access key ID: The access key ID for your Amazon SNS account, as generated in the Security Credentials page in the AWS Management Console.
Region: The region of your Amazon SNS instance, for example, us-east-1. You can find the value for the Region parameter at the end of the URL when you are logged in to the AWS Management Console (for example, https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2#).
Tip: For more information, see AWS service endpoints on the AWS documentation page.
Role ARN: The Amazon Resource Name (ARN) that specifies an IAM role in AWS.
BASIC OIDC
Region: The region of your Amazon SNS instance, for example, us-east-1. You can find the value for the Region parameter at the end of the URL when you are logged in to the AWS Management Console (for example, https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2#).
Tip: For more information, see AWS service endpoints on the AWS documentation page.
Client ID: Specify the unique identifier assigned to an application within an OpenID Connect (OIDC) system.
Client secret: Specify the client secret that is used to authenticate the client application.
ID token: The security token in OpenID Connect (OIDC) that contains claims about the authentication of a user, such as their identity and session validity, typically represented as a JSON Web Token (JWT).
Refresh token: The refresh token that is generated from the application client ID and client secret.
Role ARN: The Amazon Resource Name (ARN) of the IAM role that defines the permissions that are applied when the role is assumed.
OIDC server URL: Specify the URL of the OpenID Connect (OIDC) server or identity provider that handles authentication and provides tokens for clients.
OIDC WEB
Region: The region of your Amazon SNS instance, for example, us-east-1. You can find the value for the Region parameter at the end of the URL when you are logged in to the AWS Management Console (for example, https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2#).
Tip: For more information, see AWS service endpoints on the AWS documentation page.
Client ID: Specify the unique identifier assigned to an application within an OpenID Connect (OIDC) system.
Client secret: Specify the client secret that is used to authenticate the client application.
Role ARN: The Amazon Resource Name (ARN) of the IAM role that defines the permissions that are applied when the role is assumed.
OIDC server URL: Specify the URL of the OpenID Connect (OIDC) server or identity provider that handles authentication and provides tokens for clients.
AWS PKI
Region: The region of your Amazon SNS instance, for example, us-east-1. You can find the value for the Region parameter at the end of the URL when you are logged in to the AWS Management Console (for example, https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2#).
Tip: For more information, see AWS service endpoints on the AWS documentation page.
Client certificate: The X.509 certificate used to authenticate your workload with IAM Roles Anywhere.
Client key password: The password for the encrypted Client private key. Required only if the Client private key is protected by a password.
Client private key: The private key that is associated with the client certificate and used to sign authentication requests.
Profile ARN: The Amazon Resource Name (ARN) of the IAM Roles Anywhere profile that determines the IAM roles that a workload can assume.
Role ARN: The Amazon Resource Name (ARN) of the IAM role that defines the permissions that are applied when the role is assumed.
Trust anchor ARN: The Amazon Resource Name (ARN) of the trust anchor that represents the certificate authority (CA) trusted by IAM Roles Anywhere to validate X.509 client certificates.

To obtain the connection values for Amazon SNS using BASIC, BASIC OIDC, and OIDC WEB authentication types, see Obtaining connection values for Amazon SNS (BASIC, OIDC WEB, and BASIC OIDC).

To obtain the connection values for Amazon SNS using AWS PKI authentication type, see Obtaining connection values for Amazon SNS (AWS PKI).
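
A pre-flight check for the three ARN fields of the AWS PKI authorization type, as an added example (not IBM or AWS code): it catches ARNs pasted into the wrong field before the connection is saved. The ARN patterns, the same-account and same-region checks, and all sample values are assumptions constructed for illustration.

```python
import re

# Assumed standard ARN syntax: arn:partition:service:region:account:type/id
ARN = re.compile(r"^arn:(aws[\w-]*):([\w-]+):([a-z0-9-]*):(\d{12}):([\w-]+)/(.+)$")

# Service and resource type each connection field is expected to carry.
EXPECTED = {
    "Role ARN": ("iam", "role"),
    "Profile ARN": ("rolesanywhere", "profile"),
    "Trust anchor ARN": ("rolesanywhere", "trust-anchor"),
}

SAMPLE_OK = {  # constructed values, not real resources
    "Role ARN": "arn:aws:iam::123456789012:role/appconnect-sns",
    "Profile ARN": "arn:aws:rolesanywhere:us-east-1:123456789012:profile/0a1b2c3d-0000-4000-8000-000000000001",
    "Trust anchor ARN": "arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/0a1b2c3d-0000-4000-8000-000000000002",
}

def check_pki_fields(fields):
    """Return a list of problems found in the AWS PKI ARN fields (empty if none)."""
    problems, parsed = [], {}
    for name, (service, rtype) in EXPECTED.items():
        m = ARN.match(fields.get(name, "").strip())
        if not m:
            problems.append(f"{name}: not a well-formed ARN")
            continue
        _, svc, region, account, res, _ = m.groups()
        if (svc, res) != (service, rtype):
            problems.append(f"{name}: expected {service} {rtype}, got {svc} {res}")
            continue
        if service == "iam" and region:
            problems.append(f"{name}: IAM ARNs carry no region")
        if service == "rolesanywhere" and not region:
            problems.append(f"{name}: region segment is empty")
        parsed[name] = (region, account)
    # Assumption: one AWS account owns the role, the profile and the trust anchor.
    if len({account for _, account in parsed.values()}) > 1:
        problems.append("ARNs belong to different AWS accounts")
    # Assumption: profile and trust anchor are regional and must share a region.
    regions = {parsed[n][0] for n in ("Profile ARN", "Trust anchor ARN") if n in parsed}
    if len(regions) > 1:
        problems.append("Profile and trust anchor are in different regions")
    return problems
```
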

To connect to an Amazon SNS endpoint from the App Connect Designer Applications and APIs page for the first time, expand Amazon SNS, then click Connect. For more information, see Managing accounts.

Tip:

Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.

General considerations

Before you use App Connect Designer with Amazon SNS, take note of the following considerations:

  • (General consideration) You can see lists of the trigger events and actions that are available on the Applications and APIs page of the App Connect Designer.

    For some applications, the events and actions depend on the environment and whether the connector supports configurable events and dynamic discovery of actions. If the application supports configurable events, you see a Show more configurable events link under the events list. If the application supports dynamic discovery of actions, you see a Show more link under the actions list.

  • (General consideration) If you are using multiple accounts for an application, the set of fields that is displayed when you select an action for that application can vary for different accounts. In the flow editor, some applications always provide a curated set of static fields for an action. Other applications use dynamic discovery to retrieve the set of fields that are configured on the instance that you are connected to. For example, if you have two accounts for two instances of an application, the first account might use settings that are ready for immediate use. However, the second account might be configured with extra custom fields.

Events and actions

Amazon SNS events

These events are for changes in this application that trigger a flow to start completing the actions in the flow.

Note: Events are not available for changes in this application. You can trigger a flow in other ways, such as at a scheduled interval or at specific dates and times.

Amazon SNS actions

Your flow completes these actions on this application.

Objects, actions, and descriptions:

Subscriptions
Create subscription: Prepares to subscribe an endpoint by sending the endpoint a confirmation message. Navigate to the message for further action.
Confirm subscription: Verifies an endpoint owner's intent to receive messages. This is verified by validating the token sent to the endpoint owner by a Subscribe action done earlier.
Delete subscription: Deletes a subscription.
Retrieve subscriptions: Returns a list of the requester's subscriptions.
Update subscription: Allows a subscription owner to set an attribute of the subscription to a new value.
Tags
Create tag: Adds tags to the specified Amazon SNS topic.
Delete tag: Removes tags from the specified Amazon SNS topic.
Retrieve tags: Lists all tags added to the specified Amazon SNS topic.
Topics
Create topic: Creates a topic to which notifications can be published.
Delete topic: Deletes a topic and all its subscriptions.
Publish message to topic: Sends a message to an Amazon SNS topic or sends a text message (SMS message) directly to a phone number.
Retrieve topics: Returns a list of the requester's topics.
Update topic: Allows a topic owner to set an attribute of the topic to a new value.