Amazon Web Service (AWS) - Simple Notification Service (SNS) Notifications
Account Setup
Section titled “Account Setup”You’ll need to create an account with Amazon Web Service (AWS) first to use this. If you don’t have one, you’ll need your credit card (even though the first 12 months are free). Alternatively, if you already have one (or are using it through your company), you’re good to go to the next step.
The next thing you’ll need to do is generate an Access Key ID and Secret Access Key:
- From the AWS Management Console search for IAM under the AWS services section or simply click here.
- Expand the section reading Access keys (access key ID and secret access key)
- Click on Create New Access Key
- It will present the information to you on screen and let you download a file containing the same information. I suggest you do so since there is no way to retrieve this key again later on (unless you delete it and create a new one).
So at this point, it is presumed you’re set up, and you got your Access Key ID and Secret Access Key on hand.
You now have all the tools you need to send SMS messages.
If you want to take advantage of sending your notifications to topics: from the AWS Management Console search for Simple Notification Service under the AWS services section and configure as many topics as you want. You’ll be able to reference them as well using this notification service.
Temporary Credentials (Session Token)
Section titled “Temporary Credentials (Session Token)”AWS Lambda execution roles, IAM roles assumed via STS (aws sts assume-role), and other sources of short-lived credentials provide a third component alongside the Access Key ID and Secret Access Key: the Session Token (AWS_SESSION_TOKEN). This token must be included when signing requests, otherwise AWS will reject them with an authorization error.
Apprise supports session tokens in two ways:
- Query parameter (recommended): append
?token={SessionToken}to any SNS URL — the token is accepted exactly as AWS provides it, with no escaping required. - URL prefix: place the token before the Access Key ID separated by
@:sns://{SessionToken}@{AccessKeyID}/...— any/characters in the token must be percent-encoded as%2F.
Syntax
Section titled “Syntax”Valid syntax is as follows:
sns://{AccessKeyID}/{AccessKeySecret}/{Region}/+{PhoneNo}sns://{AccessKeyID}/{AccessKeySecret}/{Region}/+{PhoneNo1}/+{PhoneNo2}/+{PhoneNoN}sns://{AccessKeyID}/{AccessKeySecret}/{Region}/#{Topic}sns://{AccessKeyID}/{AccessKeySecret}/{Region}/#{Topic1}/#{Topic2}/#{TopicN}sns://{SessionToken}@{AccessKeyID}/{AccessKeySecret}/{Region}/+{PhoneNo}sns://{AccessKeyID}/{AccessKeySecret}/{Region}/#{Topic}?token={SessionToken}
You can mix and match phone numbers and topics:
sns://{AccessKeyID}/{AccessKeySecret}/{Region}/+{PhoneNo1}/#{Topic1}
Enforcing a hashtag (#) for topics and a plus sign (+) in front of phone numbers helps eliminate cases where ambiguity could be an issue, such as a topic that is comprised of all numbers. These characters are purely optional.
Operating Modes
Section titled “Operating Modes”SNS behaves differently depending on your target types:
| Mode | When it applies | Title handling | Body limit |
|---|---|---|---|
sms (default) | Phone targets present, or mixed phones + topics | Title is prepended to the body | 160 characters |
topic | Topic-only targets (auto-detected), or ?mode=topic forced | Title is sent as the SNS Subject field | 256 KB |
The mode is auto-detected from your URL: if all targets are topics, topic mode is used; if any phone numbers are present, sms mode is used. You can override this with ?mode=sms or ?mode=topic.
Parameter Breakdown
Section titled “Parameter Breakdown”| Variable | Required | Description |
|---|---|---|
| AccessKeyID | *Yes | The generated Access Key ID from the AWS Management Console |
| AccessKeySecret | *Yes | The generated Access Key Secret from the AWS Management Console |
| Region | *Yes | The region code, e.g. us-east-1, us-west-2, cn-north-1 |
| PhoneNo | No | The phone number including the country dialling prefix. You can optionally prefix the number with +. Brackets, spaces, and hyphens are accepted. |
| Topic | No | An SNS topic name. You can optionally prefix it with #. |
| SessionToken | No | An AWS session token for temporary/IAM credentials (AWS_SESSION_TOKEN). Prefer ?token= — tokens often contain / which must be escaped as %2F in the @-prefix form. |
| mode | No | Set to sms or topic to override auto-detection. Defaults to sms when phones are present; topic when only topics are listed. |
| key | No | An alias for AccessKeyID (?key=). Useful in YAML configuration. |
| access | No | A legacy alias for AccessKeyID (?access=). |
| secret | No | An alias for AccessKeySecret (?secret=). |
| token | No | An alias for SessionToken (?token=). Useful in YAML configuration. |
Global Parameters
Section titled “Global Parameters”| Variable | Description |
|---|---|
| overflow | This parameter can be set to either split, truncate, or upstream. This determines how Apprise delivers the message you pass it. By default this is set to upstream 👉 upstream: Do nothing at all; pass the message exactly as you received it to the service.👉 truncate: Ensure that the message will fit within the service’s documented upstream message limit. If more information was passed then the defined limit, the overhead information is truncated.👉 split: similar to truncate except if the message doesn’t fit within the service’s documented upstream message limit, it is split into smaller chunks and they are all delivered sequentially there-after. |
| format | This parameter can be set to either text, html, or markdown. Some services support the ability to post content by several different means. The default of this varies (it can be one of the 3 mentioned at any time depending on which service you choose). You can optionally force this setting to stray from the defaults if you wish. If the service doesn’t support different types of transmission formats, then this field is ignored. |
| verify | External requests made to secure locations (such as through the use of https) will have certificates associated with them. By default, Apprise will verify that these certificates are valid; if they are not then no notification will be sent to the source. In some occasions, a user might not have a certificate authority to verify the key against or they trust the source; in this case you will want to set this flag to no. By default it is set to yes. |
| redirect | By default, Apprise will follow HTTP redirects (3xx responses) issued by the remote server, matching the behaviour of the underlying requests library. If you want to prevent custom headers and credentials from being forwarded to destinations that differ from the original URL, set this to no. By default it is set to yes. |
| cto | This stands for Socket Connect Timeout. This is the number of seconds Requests will wait for your client to establish a connection to a remote machine (corresponding to the connect()) call on the socket. The default value is 4.0 seconds. |
| rto | This stands for Socket Read Timeout. This is the number of seconds the client will wait for the server to send a response. The default value is 4.0 seconds. |
| emojis | Enable Emoji support (such as providing :+1: would translate to 👍). By default this is set to no. Note: Depending on server side settings, the administrator has the power to disable emoji support at a global level; but default this is not the case. |
| tz | Identify the IANA Time Zone Database you wish to operate as. By default this is detected based on the configuration the server hosting Apprise is running on. You can set this to things like America/Toronto, or any other properly formated Timezone describing your area. |
| retry | The number of additional delivery attempts to make after the first failure before giving up. Accepts an integer in the range 0 to 10. The default is 0 (no retries — a single attempt is made). When combined with wait, Apprise pauses the specified number of seconds between each attempt. |
| wait | The number of seconds to pause between retry attempts. Accepts a decimal value in the range 0.0 to 20.0; integer values are promoted to float automatically. The default is 0.5. This value is only meaningful when retry is greater than zero — a service with retry=0 makes exactly one attempt regardless of the wait value. |
| optional | When set to yes, a delivery failure for this service is silently absorbed. The overall notify() call still returns True even if this endpoint was unreachable, provided that every required (non-optional) service in the same batch succeeded. Setting this flag does not skip delivery or bypass retry logic — all configured retry attempts are still made before the failure is absorbed. By default this is set to no, meaning every failure is propagated to the caller. |
Examples
Section titled “Examples”Send an SMS message:
# Assuming our {AccessKeyID} is AHIAJGNT76XIMXDBIJYA# Assuming our {AccessKeySecret} is bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9# Assuming our {Region} is us-east-2# Assuming our {PhoneNo} - is in the US somewhere making our country code +1# - identifies as 800-555-1223apprise -vv -t "Test Message Title" -b "Test Message Body" \ sns://AHIAJGNT76XIMXDBIJYA/bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9/us-east-2/+18005551223
# the following would also have worked (spaces, brackets,# dashes are accepted in a phone no field):apprise -vv -t "Test Message Title" -b "Test Message Body" \ sns://AHIAJGNT76XIMXDBIJYA/bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9/us-east-2/+1(800)555-1223Send to an SNS topic (title becomes the Subject field for email subscribers):
# Topic mode is auto-detected when only topics are listedapprise -vv -t "Alert Subject" -b "Alert Body" \ sns://AHIAJGNT76XIMXDBIJYA/bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9/us-east-2/#MyAlertTopic
# Explicitly force topic modeapprise -vv -t "Alert Subject" -b "Alert Body" \ "sns://AHIAJGNT76XIMXDBIJYA/bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9/us-east-2/#MyAlertTopic?mode=topic"Send using temporary credentials from an IAM role or Lambda:
# Recommended: ?token= accepts the token exactly as AWS provides it,# no escaping needed even when the token contains / charactersapprise -vv -b "Lambda alert fired" \ "sns://AHIAJGNT76XIMXDBIJYA/bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9/us-east-2/+18005551223?token=MySessionToken"
# Alternate: token in the URL prefix position -- any / in the token# must be percent-encoded as %2Fapprise -vv -b "Lambda alert fired" \ "sns://MySessionToken@AHIAJGNT76XIMXDBIJYA/bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9/us-east-2/+18005551223"Example YAML configuration using named parameters:
urls: - sns://: - access_key_id: AHIAJGNT76XIMXDBIJYA secret_access_key: bu1dHSdO22pfaaVy/wmNsdljF4C07D3bndi9PQJ9 region: us-east-2 to: "+18005551223,#MyAlertTopic" token: MySessionToken mode: topic Questions or Feedback?
Technical Issues
Having trouble with the code? Open an issue on GitHub: