

# Amazon SNS
<a name="automation-ref-sns"></a>

 AWS Systems Manager Automation provides predefined runbooks for Amazon Simple Notification Service. For more information about runbooks, see [Working with runbooks](https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-documents.html). For information about how to view runbook content, see [View runbook content](automation-runbook-reference.md#view-automation-json). 

**Topics**
+ [`AWS-EnableSNSTopicDeliveryStatusLogging`](aws-enable-sns-topic-delivery-status-logging.md)
+ [`AWSConfigRemediation-EncryptSNSTopic`](automation-aws-encrypt-sns-topic.md)
+ [`AWS-PublishSNSNotification`](automation-aws-publishsnsnotification.md)

# `AWS-EnableSNSTopicDeliveryStatusLogging`
<a name="aws-enable-sns-topic-delivery-status-logging"></a>

 **Description** 

 The `AWS-EnableSNSTopicDeliveryStatusLogging` runbook configures delivery status logging for an `HTTP`, Amazon Data Firehose, Lambda, `Platform application`, or Amazon Simple Queue Service (Amazon SQS) endpoint. This allows Amazon SNS to log failed alerts and a sample percentage of successful alert notifications to Amazon CloudWatch. If delivery status logging is already configured for the topic, the runbook replaces the existing configuration with the new values you specify for the input parameters.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-EnableSNSTopicDeliveryStatusLogging) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ EndpointType

  Type: String

  Valid values:
  + HTTP
  + Firehose
  + Lambda
  + Application
  + SQS

  Description: (Required) The type of Amazon SNS topic endpoint you want to log delivery status notification messages for.
+ TopicArn

  Type: String

  Description: (Required) The ARN of the Amazon SNS topic you want to configure delivery status logging for.
+ SuccessFeedbackRoleArn

  Type: String

  Description: (Required) The ARN of the IAM role which Amazon SNS uses to send logs for successful notification messages to CloudWatch.
+ SuccessFeedbackSampleRate

  Type: String

  Valid values: 0-100

  Description: (Required) The percentage of successful messages to sample for the specified Amazon SNS topic.
+ FailureFeedbackRoleArn

  Type: String

  Description: (Required) The ARN of the IAM role which Amazon SNS uses to send logs for failure notification messages to CloudWatch.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `ssm:StartAutomationExecution` 
+  `ssm:GetAutomationExecution` 
+  `iam:PassRole` 
+  `sns:GetTopicAttributes` 
+  `sns:SetTopicAttributes` 

 **Document Steps** 
+  `aws:executeAwsApi` - Applies the value for the `SuccessFeedbackRoleArn` parameter to the Amazon SNS topic.
+  `aws:executeAwsApi` - Applies the value for the `SuccessFeedbackSampleRate` parameter to the Amazon SNS topic.
+  `aws:executeAwsApi` - Applies the value for the `FailureFeedbackRoleArn` parameter to the Amazon SNS topic.
+  `aws:executeScript` - Confirms delivery status logging is enabled on the Amazon SNS topic. 

 **Outputs** 

VerifyDeliveryStatusLoggingEnabled.GetTopicAttributesResponse - Response from the `GetTopicAttributes` API operation.

VerifyDeliveryStatusLoggingEnabled.VerifyDeliveryStatusLoggingEnabled - Message indicating successful verification of delivery status logging.
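
The following added example (not the runbook's own code) mirrors the document steps above: three `SetTopicAttributes` calls followed by a `GetTopicAttributes` check. The per-endpoint attribute names come from the Amazon SNS API rather than from this page, how the runbook maps its parameters to them is an assumption, and `StubSNS` is a constructed stand-in so the block runs offline; a boto3 SNS client exposes the same two methods.

```python
ENDPOINT_TYPES = ("HTTP", "Firehose", "Lambda", "Application", "SQS")

def feedback_attributes(endpoint_type, success_role_arn, sample_rate, failure_role_arn):
    """Map the runbook parameters to SNS topic attribute names and values."""
    if endpoint_type not in ENDPOINT_TYPES:
        raise ValueError(f"unsupported EndpointType: {endpoint_type!r}")
    rate = int(sample_rate)  # the runbook takes the rate as a String
    if not 0 <= rate <= 100:
        raise ValueError("SuccessFeedbackSampleRate must be 0-100")
    return {
        f"{endpoint_type}SuccessFeedbackRoleArn": success_role_arn,
        f"{endpoint_type}SuccessFeedbackSampleRate": str(rate),
        f"{endpoint_type}FailureFeedbackRoleArn": failure_role_arn,
    }

def enable_delivery_status_logging(sns, topic_arn, endpoint_type,
                                   success_role_arn, sample_rate, failure_role_arn):
    """Apply the three attributes, then return the names that did not take effect."""
    wanted = feedback_attributes(endpoint_type, success_role_arn,
                                 sample_rate, failure_role_arn)
    for name, value in wanted.items():
        sns.set_topic_attributes(TopicArn=topic_arn,
                                 AttributeName=name, AttributeValue=value)
    current = sns.get_topic_attributes(TopicArn=topic_arn)["Attributes"]
    return sorted(n for n, v in wanted.items() if current.get(n) != v)

class StubSNS:
    """Constructed in-memory stand-in for an SNS client (assumption, offline only)."""
    def __init__(self):
        self.attrs = {}

    def set_topic_attributes(self, TopicArn, AttributeName, AttributeValue):
        self.attrs.setdefault(TopicArn, {})[AttributeName] = AttributeValue

    def get_topic_attributes(self, TopicArn):
        return {"Attributes": dict(self.attrs.get(TopicArn, {}))}

if __name__ == "__main__":
    # Constructed sample ARNs; replace with real values and a real client.
    topic = "arn:aws:sns:us-east-1:111122223333:example-topic"
    role = "arn:aws:iam::111122223333:role/ExampleSNSFeedback"
    print(enable_delivery_status_logging(StubSNS(), topic, "Lambda", role, "25", role))
```

An empty list means every requested attribute is present with the requested value. Because the runbook replaces any existing configuration, a non-empty result after a run is worth investigating.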

# `AWSConfigRemediation-EncryptSNSTopic`
<a name="automation-aws-encrypt-sns-topic"></a>

 **Description** 

 The `AWSConfigRemediation-EncryptSNSTopic` runbook enables encryption on the Amazon Simple Notification Service (Amazon SNS) topic you specify using an AWS Key Management Service (AWS KMS) customer managed key. This runbook should only be used as a baseline to ensure that your Amazon SNS topics are encrypted according to minimum recommended security best practices. We recommend encrypting multiple topics with different customer managed keys. 

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSConfigRemediation-EncryptSNSTopic) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Required) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
+ KmsKeyArn

  Type: String

  Description: (Required) The Amazon Resource Name (ARN) of the AWS KMS customer managed key you want to use to encrypt the Amazon SNS topic.
+ TopicArn

  Type: String

  Description: (Required) The ARN of the Amazon SNS topic you want to encrypt.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `ssm:StartAutomationExecution` 
+  `ssm:GetAutomationExecution` 
+  `sns:GetTopicAttributes` 
+  `sns:SetTopicAttributes` 

 **Document Steps** 
+  `aws:executeAwsApi` - Encrypts the Amazon SNS topic you specify in the `TopicArn` parameter. 
+  `aws:assertAwsResourceProperty` - Confirms encryption is enabled on the Amazon SNS topic. 
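
As an added example (not part of the runbook), the audit below classifies `GetTopicAttributes` responses by their `KmsMasterKeyId` attribute and reports topics that are unencrypted, that use the AWS managed key `alias/aws/sns`, or that share one customer managed key, which the description above recommends against. The topic and key ARNs are constructed samples, and treating any other key value as customer managed is an assumption.

```python
from collections import defaultdict

AWS_MANAGED_SNS_ALIAS = "alias/aws/sns"

def classify_encryption(attributes):
    """Classify one topic from the Attributes map of GetTopicAttributes."""
    key = attributes.get("KmsMasterKeyId", "")
    if not key:
        return "unencrypted"
    if key.endswith(AWS_MANAGED_SNS_ALIAS):  # bare alias or full alias ARN
        return "aws-managed"
    return "customer-managed"  # assumption: anything else is a customer managed key

def audit_topics(topics):
    """topics maps topic ARN -> Attributes dict. Returns findings by category."""
    findings = {"unencrypted": [], "aws-managed": [], "shared-key": {}}
    by_key = defaultdict(list)
    for arn in sorted(topics):
        state = classify_encryption(topics[arn])
        if state == "customer-managed":
            # Keys are compared as written; the same key given once as an ID
            # and once as an ARN is not detected as shared.
            by_key[topics[arn]["KmsMasterKeyId"]].append(arn)
        else:
            findings[state].append(arn)
    findings["shared-key"] = {k: v for k, v in by_key.items() if len(v) > 1}
    return findings

# Constructed sample data (placeholder account, topic and key names).
_T = "arn:aws:sns:us-east-1:111122223333:"
_K = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE = {
    _T + "alerts":   {},
    _T + "billing":  {"KmsMasterKeyId": "alias/aws/sns"},
    _T + "orders":   {"KmsMasterKeyId": _K + "EXAMPLE-KEY-1"},
    _T + "payments": {"KmsMasterKeyId": _K + "EXAMPLE-KEY-1"},
    _T + "security": {"KmsMasterKeyId": _K + "EXAMPLE-KEY-2"},
}

if __name__ == "__main__":
    for category, value in audit_topics(SAMPLE).items():
        print(category, value)
```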

# `AWS-PublishSNSNotification`
<a name="automation-aws-publishsnsnotification"></a>

 **Description** 

Publish a notification to Amazon SNS.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-PublishSNSNotification) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ Message

  Type: String

  Description: (Required) The message to include in the SNS notification.
+ TopicArn

  Type: String

  Description: (Required) The ARN of the SNS topic to publish the notification to.