Now we are ready to configure the subscription for the customer notification service:
After selecting the topic RideCompletionTopic, click the Create subscription button in the bottom right corner.
In the next page, select HTTP as the subscription protocol.
To look up the subscription endpoint, navigate back to your CloudFormation console, select the stack wild-rydes-async-msg-1 and select the Outputs tab. Select the value corresponding to the key CustomerNotificationServiceLBURL. It should look similar to http://cnslb-...elb.amazonaws.com.
You can also look up the value by running the following command:
aws cloudformation describe-stacks \
--stack-name wild-rydes-async-msg-1 \
--query 'Stacks[].Outputs[?OutputKey==`CustomerNotificationServiceLBURL`].OutputValue' \
--output text
Click Create subscription to create the subscription.
Amazon SNS requires a confirmation of a subscription before it publishes messages to that endpoint, as described here.
Our provided Customer Notification Service handles this automatically for us. The Status will change to Confirmed immediately (you may need to refresh the page a couple of times). There is nothing for you to do in this step.
But if you are curious how this can be done, keep reading…
How to confirm a subscription to Amazon SNS via HTTP(S) automatically?
Amazon SNS will send an HTTP(S) POST request to the subscription endpoint. The request payload is a JSON document as described here. It contains a ‘SubscribeURL’ attribute with a URL you have to request to confirm the subscription. If you are using Python, this can be done in the following way:
import json
import requests

def confirm_subscription(data):
    request_body = json.loads(data)
    subscribe_url = request_body['SubscribeURL']
    # issue a GET request to the subscribe confirmation url and fail if it is rejected
    response = requests.get(subscribe_url, timeout=10)
    response.raise_for_status()
    # app is the service's web application object, defined elsewhere in the service
    app.logger.info("subscription confirmed")
    return
Now you may be wondering how to verify that the request is really coming from Amazon SNS and not from somebody else, as your endpoint is publicly available. If this is the case, keep reading…
How to verify the HTTP(S) request is really coming from Amazon SNS?
As your endpoint is publicly available, it can be called by anyone. To verify the request is really coming from Amazon SNS, you can validate the request signature, which is part of the request payload, as described here. In case you are using Python, you can do it in the following way:
def is_invalidate_sns_signature(request):
    # TODO: implement the sns signature verification to make sure the message comes from Amazon SNS
    # Placeholder: returning False means no signature is ever reported as invalid.
    return False
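One way to fill in the TODO above, as an added example rather than the workshop's own code: it follows the Amazon SNS signature scheme (canonical string to sign, certificate taken from SigningCertURL, RSA PKCS#1 v1.5 check) and uses the third-party cryptography package. The function names and the caller-supplied fetch_cert downloader are assumptions made for this example.

```python
import base64
import re
from urllib.parse import urlparse

# Keys that enter the string to sign, in the order the Amazon SNS documentation lists them.
NOTIFICATION_KEYS = ("Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type")
CONFIRMATION_KEYS = ("Message", "MessageId", "SubscribeURL", "Timestamp", "Token",
                     "TopicArn", "Type")
SNS_HOST = re.compile(r"sns\.[a-z0-9-]{3,}\.amazonaws\.com(\.cn)?")


def is_trusted_cert_url(url):
    """Accept only https://sns.<region>.amazonaws.com/...pem, with no port or userinfo."""
    parts = urlparse(url)
    return (parts.scheme == "https"
            and SNS_HOST.fullmatch(parts.netloc) is not None
            and parts.path.endswith(".pem"))


def string_to_sign(msg):
    """Build the canonical "Key\\nValue\\n" text for the message type."""
    keys = NOTIFICATION_KEYS if msg["Type"] == "Notification" else CONFIRMATION_KEYS
    # Subject is optional on notifications; every other listed key is required.
    return "".join(f"{k}\n{msg[k]}\n" for k in keys
                   if k != "Subject" or msg.get(k) is not None)


def is_valid_sns_signature(msg, fetch_cert):
    """Return True only if msg (the parsed JSON body) carries a valid SNS signature.

    fetch_cert(url) -> PEM bytes is a caller-supplied downloader (assumption).
    """
    if not is_trusted_cert_url(str(msg.get("SigningCertURL", ""))):
        return False  # never load a verification key from an untrusted location
    from cryptography import x509
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding
    try:
        # SignatureVersion 1 is SHA1withRSA, version 2 is SHA256withRSA.
        digest = {"1": hashes.SHA1(), "2": hashes.SHA256()}[msg["SignatureVersion"]]
        cert = x509.load_pem_x509_certificate(fetch_cert(msg["SigningCertURL"]))
        cert.public_key().verify(base64.b64decode(msg["Signature"]),
                                 string_to_sign(msg).encode("utf-8"),
                                 padding.PKCS1v15(), digest)
        return True
    except (KeyError, ValueError, InvalidSignature):
        return False
```

Run the check before requesting SubscribeURL or processing a notification, and reject the request when it returns False.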
In your Cloud9 IDE for this workshop, open the SAM template file ‘wild-rydes-async-messaging/lab-1/template.yaml’. In the Resources section, add the definition for the Amazon SNS subscription for the CustomerNotificationService. You can find the AWS CloudFormation documentation to do so here.
Run the following command to build the lab again, after we have added the Amazon SNS subscription:
cd ~/environment/wild-rydes-async-messaging/lab-1
sam build
Now we are ready to update the application, by running the following command to deploy the change:
sam deploy \
--guided \
--stack-name wild-rydes-async-msg-1 \
--capabilities CAPABILITY_IAM
Confirm the first 4 proposed arguments by hitting ENTER. When you get asked "SubmitRideCompletionFunction may not have authorization defined, Is this okay? [y/N]:", enter y and hit ENTER again 2 times.
Because AWS SAM will only deploy/update/delete resources which are changed, it only takes a couple of seconds to deploy the new Amazon SNS subscription.