How do I access Amazon SNS topic delivery logs for push notifications?

I want to access Amazon Simple Notification Service (Amazon SNS) topic delivery logs for push notifications.

Short description

Amazon SNS provides support to log the delivery status of push notification messages sent to topics. After you configure the message delivery status attributes, log entries are sent to Amazon CloudWatch Logs for these push notification messages. Logging message delivery status provides the following operational insights:

  • Know whether a message was delivered to the Amazon SNS endpoint.
  • Identify the response sent from the Amazon SNS endpoint to Amazon SNS.
  • Determine the message dwell time (the time between the publish timestamp and just before handing off to an Amazon SNS endpoint).

Configure push notification delivery status logs

The following section provides steps to configure delivery status logging using the AWS Management Console. You can also use AWS SDKs or AWS Command Line Interface (AWS CLI) to configure message delivery logs.
Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Complete the following steps:

  1. Open the Amazon SNS console.
  2. On the navigation menu, expand Mobile, and then choose Push notifications.
  3. In the Platform applications section, select the platform application that you want to have delivery status for.
  4. Choose Edit.
  5. Expand the Delivery status logging - optional section.
  6. For Success sample rate, enter the percentage of successful messages for which you want to receive CloudWatch Logs. All failed deliveries are logged by default.
  7. In the IAM roles section, for Service role, select Create new service role, and then choose Create new roles. The AWS Identity and Access Management (IAM) console opens.
    Note: If you already have an IAM role with the right permissions, then you can use that service role by selecting Use existing service role instead.
  8. On the IAM console permission request page, choose Allow to give Amazon SNS write access to use CloudWatch Logs on your behalf.
  9. After returning to the Amazon SNS console, choose Save changes.

This creates an IAM role for successful and failed deliveries, with the following policy and trust relationships for Amazon SNS.

IAM role for successful deliveries:

arn:aws:iam::1111111111:role/SNSSuccessFeedback

IAM role for failed deliveries:

arn:aws:iam::1111111111:role/SNSFailureFeedback

Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:PutMetricFilter",
        "logs:PutRetentionPolicy"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Trust relationships:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

View push notification delivery status logs

  1. Open the Amazon CloudWatch console.

  2. On the navigation pane, expand Logs, and then choose Log groups.

  3. In the Filter search box, enter sns to find only log groups for Amazon SNS.

  4. The sns/your-AWS-region/your-account_ID/app/platform_name/application_name log group contains the successful delivery logs.

    sns/us-east-1/1111111111/app/GCM/Test1
    sns/us-east-1/1111111111/app/APNS_SANDBOX/Test2
    sns/us-east-1/1111111111/app/APNS/Test3

    The sns/your-AWS-region/your-account_ID/app/platform_name/application_name/Failure log group contains the failure delivery logs:

    sns/us-east-1/1111111111/app/GCM/Test1/Failure
    sns/us-east-1/1111111111/app/APNS_SANDBOX/Test2/Failure
    sns/us-east-1/1111111111/app/APNS/Test3/Failure
  5. Choose the Amazon SNS log group that you want to view.

  6. On the Log streams tab, choose a particular log stream to view the application endpoint delivery logs.

  7. To see the delivery status of your message, expand the log event and check providerResponse. For a list of push notification service response codes, see Platform response codes.
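The following is an added example, not part of the original article or AWS's own code. It derives the two log group names from a platform application ARN using the naming pattern above, then summarizes delivery log events by providerResponse. It assumes each log event is a JSON object with a top-level status field and a delivery object that carries dwellTimeMs alongside providerResponse; the sample events and the make_event helper are constructed for illustration.

```python
import json
from collections import Counter

def log_groups_for(platform_app_arn):
    """Map a platform application ARN to its (success, failure) log group names."""
    # Expected shape: arn:aws:sns:<region>:<account>:app/<platform>/<application>
    parts = platform_app_arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "sns" or not parts[5].startswith("app/"):
        raise ValueError(f"not an SNS platform application ARN: {platform_app_arn!r}")
    region, account, resource = parts[3], parts[4], parts[5]
    success = f"sns/{region}/{account}/{resource}"
    return success, success + "/Failure"

def summarize(events):
    """Count deliveries by status, failures by providerResponse, and track max dwell time."""
    summary = {"status": Counter(), "failures": Counter(), "max_dwell_ms": 0, "unparsed": 0}
    for raw in events:
        try:
            event = json.loads(raw)
            delivery = event["delivery"]
        except (ValueError, KeyError, TypeError):
            delivery = None
        if not isinstance(delivery, dict):
            summary["unparsed"] += 1  # keep a count so truncated events are not silently lost
            continue
        status = event.get("status", "UNKNOWN")
        summary["status"][status] += 1
        summary["max_dwell_ms"] = max(summary["max_dwell_ms"], delivery.get("dwellTimeMs") or 0)
        if status != "SUCCESS":
            summary["failures"][delivery.get("providerResponse", "")] += 1
    return summary

def make_event(status, response, dwell_ms):
    """Build a constructed log event (hypothetical helper for the sample data)."""
    return json.dumps({"status": status,
                       "delivery": {"providerResponse": response, "dwellTimeMs": dwell_ms}})

SAMPLE_EVENTS = [  # constructed sample events, not real deliveries
    make_event("SUCCESS", "ok-example", 58),
    make_event("FAILURE", "NotRegistered", 131),
    make_event("FAILURE", "NotRegistered", 402),
    "truncated {",  # malformed line, counted as unparsed
]

if __name__ == "__main__":
    print(log_groups_for("arn:aws:sns:us-east-1:1111111111:app/GCM/Test1"))
    print(summarize(SAMPLE_EVENTS))
```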

Related information

How do I troubleshoot FCM mobile push notification failures in Amazon SNS?

How do I troubleshoot APNs mobile push notification failures in Amazon SNS?

Mobile app attributes