Create Customer Notification Service Subscription

Now we are ready to configure the subscription for the customer notification service:

1. Create a new subscription

After selecting the topic RideCompletionTopic, click the Create subscription button in the bottom right corner.

Detailed description

2. Configure the subscription

In the next page, select HTTP as the subscription protocol.

To look-up the subscription endpint, navigate back to your CloudFormation console, select the stack wild-rydes-async-msg-1 and select the Outputs tab. Select the value, corresponding to the key CustomerNotificationServiceLBURL. It should look similar like
You can also look-up the value by running the following command:

aws cloudformation describe-stacks \
    --stack-name wild-rydes-async-msg-1 \
    --query 'Stacks[].Outputs[?OutputKey==`CustomerNotificationServiceLBURL`].OutputValue' \
    --output text

Click Create subscription to create the subscription.

Detailed description

3. Confirm the subscription

Amazon SNS require a confirmation of a subscription, before it publishes messages to that endpoint, as described here.
Our provided Customer Notification Service handles this automatically for us. The Status will change to Confirmed immediately (may refresh the page a couple of times). There is nothing to do for you in this step.

Detailed description

But if you are curious how this can be done, keep reading…

How to confirm a subscription to Amazon SNS via HTTP(S) automatically?
Amazon SNS will send an HTTP(S) POST request to the subscription endpoint. The request payload is a JSON document as described here. It contains a ‘SubscribeURL’ attribute with an URL you have to request, to confirm the subscription. If you are using Python, this can be done in the following way:

def confirm_subscription(data):
    request_body = json.loads(data)
    subscribe_url = request_body['SubscribeURL']
    # issue a GET request to the subscribe confirmation url
    requests.get(subscribe_url)"subscription confirmed")

Now you are may wondering how to verify, the request is really coming from Amazon SNS and not somebody else, as your endpoint is publicly available. If this is the case, keep reading…

How to verify the HTTP(S) request is really coming from Amazon SNS?
As your endpoint is publicly available, it can be call by everyone. To verify the request is really coming from Amazon SNS, you can validate the request signature which is part of the request payload as described here. In case you are using Python, you can do it in the following way:

def is_invalidate_sns_signature(request):
    # TODO: implement the sns signature verification to make sure the message comes from Amazon SNS
    return False

1. Update the AWS SAM template

In your Cloud9 IDE for this workshop, open the SAM template file ‘wild-rydes-async-messaging/lab-1/template.yaml’. In the Resources section, add the definition for the Amazon SNS subscription for the CustomerNotificationService. You can find the AWS CloudFormation documentation to do so here.

Cheat Sheet
Detailed description

2. Deploy the updated AWS SAM template

Run the following command to build the lab again, after we have added the Amazon SNS subscription:

cd ~/environment/wild-rydes-async-messaging/lab-1
sam build

Now we are ready to update the application, by running the following command to deploy the change:

sam deploy \
    --guided \
    --stack-name wild-rydes-async-msg-1 \
    --capabilities CAPABILITY_IAM

Confirm the first 4 proposed arguments by hitting ENTER. When you get asked SubmitRideCompletionFunction may not have authorization defined, Is this okay? [y/N]:, enter y and hit ENTER again 2 times.

Because AWS SAM will only deploy/update/delete resources which are changed, it only takes a couple of seconds to deploy the new Amazon SNS subscription.