# Push notifications
You can use Notifications in the Console Mobile Application to create actionable push notifications from AWS services, such as CloudWatch. These notifications can be delivered to your mobile device when a resource requires your attention. Enabling push notifications requires you to [share your device ID with AWS](data-protection.md#data-privacy). Use this tutorial to get started with and manage your push notifications in the Console Mobile Application.
**Note**
Push notifications depend on external services, such as Apple and Google messaging services. In the event of a service outage, AWS can’t guarantee the reliability or timeliness of notification delivery.
## Prerequisites
Before you begin, be sure that you’ve completed the steps in [Getting started with the AWS Console Mobile Application](getting-started.md).
To receive push notifications, you must have the appropriate AWS User Notifications permissions. For more information, see [Resource-level permissions](https://docs.aws.amazon.com/notifications/latest/userguide/resource-level-permissions.html) in the *AWS User Notifications User Guide*.
## Step 1: Get started with push notifications
To receive notifications about resources of interest, you must allow push notifications and create or subscribe to an existing notification configuration. A notification configuration is a container of your selected services and event rules. An event rule specifies what event generates a notification.
**To create new notification configurations**
1. In the Console Mobile Application, from the tab menu at the bottom of your device, choose **Notifications**.
1. Choose **Agree**.
1. Choose **Allow**.
1. Set up notification configurations as follows:
**Tip**
If someone in your account has already created notification configurations, you can use them by choosing **Select existing**. For more information, see the next procedure.
1. Choose **Create new**.
1. Enter a name.
1. (Optional) Enter a description.
**Tip**
Using distinct descriptions helps other account users differentiate alarms.
1. Select a Region.
1. (Optional) Select alarms.
**Note**
Choosing **Specific alarms** allows you to select individual alarms to receive notifications for. Choosing **All alarms** selects all available alarms in the account. Note that choosing **All alarms** can result in increased notifications.
1. Choose **Next**.
1. View your selected notification configurations.
**To select existing notification configurations**
1. In the Console Mobile Application, from the tab menu at the bottom of your device, choose **Notifications**.
1. Choose **Agree**.
1. Choose **Allow**.
1. Set up notification configurations as follows:
1. Choose **Select existing**.
1. Select notification configurations by choosing the plus sign (**\$1**).
1. View your selected notification configurations.
**Note**
You can view other notification configurations by choosing the **All** tab. You can always return and modify previously selected notification preferences from this screen. If you deselect a notification configuration, you won’t receive push notifications for it.
## Step 2: Viewing notifications
You can view console notifications directly in the Console Mobile Application.
**Note**
Whenever a new notification is available, the bell icon in the tab menu shows a blue badge.
If you log out of the application, you will still receive push notifications on your device. You must sign back in to the application to view its details.
**To view your notifications**
1. Open the Console Mobile Application.
1. From the tab menu at the bottom of your device, choose **Notifications**.
1. Select a notification in your inbox to view additional details.
## Managing notifications
You can manage your notifications in any of the following ways:
### Subscribing to a notification configuration
You can generate push notifications from existing notification configurations in your account by selecting them.
**To subscribe to an existing notification configuration**
1. In the Console Mobile Application, from the tab menu at the bottom of your device, choose **Notifications**.
1. Choose **Configurations**.
1. In the **All** tab, select notification configurations by choosing the plus sign (**\$1**).
### Unsubscribing from a notification configuration
If you no longer wish to receive push notifications for an existing configuration, you can unsubscribe.
**To unsubscribe from an existing notification configuration**
1. In the Console Mobile Application, from the tab menu at the bottom of your device, choose **Notifications**.
1. Choose **Configurations**.
1. In the **Selected** tab, deselect notification configurations by choosing the green checkmark icon.
### Deleting a notification configuration
If you no longer need a notification configuration, you can delete it.
**Warning**
Deleting a notification configuration removes it from the account.
**To delete a notification configuration**
1. In the Console Mobile Application, from the tab menu at the bottom of your device, choose **Notifications**.
1. Choose **Configurations**.
1. Locate and choose the notification configuration.
1. Choose the vertical ellipsis icon.
1. Choose **Delete**.
**Note**
You can also manage your mobile device’s push notifications from the AWS User Notifications console by adding your mobile device as a delivery channel, but this requires additional permissions. For more information, see [Listing mobile devices as delivery channels](permissions-policies.md).
# IAM permissions for listing mobile devices as delivery channels
The AWS Console Mobile Application supports push notifications via [AWS User Notifications](https://docs.aws.amazon.com/notifications/latest/userguide/what-is.html). If you enable push notifications, the Console Mobile Application collects your device nickname (if applicable) to help identify your device. You can manage your mobile device’s push notifications from the AWS User Notifications console by adding your device as a delivery channel. Delivery channels allow you to receive and view notifications in locations other than the AWS Management Console. You can remove your device as a delivery channel at any time.
You must have access to the `ListDeviceIdentities` and `GetDeviceIdentity` API actions to view your mobile device in the AWS User Notifications Console. The following sample policies show how to allow or deny permissions to these actions.
For more information about delivery channels, see [Managing delivery channels](https://docs.aws.amazon.com/notifications/latest/userguide/managing-delivery-channels.html) in the *AWS User Notifications User Guide*.
## Sample ListDeviceIdentities IAM policies
### Allow ListDeviceIdentities
You can attach the following policy to your IAM identities. This policy allows access to `ListDeviceIdentities`.
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"consoleapp:ListDeviceIdentities"
],
"Resource": [
"*"
]
}
]
}
```
### Deny ListDeviceIdentities
You can attach the following policy to your IAM identities. This policy denies access to `ListDeviceIdentities`.
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"consoleapp:ListDeviceIdentities"
],
"Resource": [
"*"
]
}
]
}
```
## Sample GetDeviceIdentity IAM policies
### Allow GetDeviceIdentity
This policy allows a specific resource access to `GetDeviceIdentity`.
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"consoleapp:GetDeviceIdentity"
],
"Resource": [
"consoleapp::123456789012:device/2FQVtmveB13WEXAMPL3D3V1D/identity/AIDACKCEVSQ6C2EXAMPLE"
]
}
]
}
```
### Deny GetDeviceIdentity
This policy denies a specific resource access to `GetDeviceIdentity`.
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"consoleapp:GetDeviceIdentity"
],
"Resource": [
"consoleapp::123456789012:device/2FQVtmveB13WEXAMPL3D3V1D/identity/AIDACKCEVSQ6C2EXAMPLE"
]
}
]
}
```
The following shows an example of the denial response:
```
{"message": "User: arn:aws:iam::123456789012:user/testUser-readOnly is not authorized to perform: consoleapp:GetDeviceIdentity on resource: arn:aws:consoleapp::123456789012:device/2FQVtmveB13WEXAMPL3D3V1D/identity/123456789012 with an explicit deny"}
```