Add a message and event destination to AWS End User Messaging Social

When you turn on message and event publishing, all of the events generated by your WhatsApp Business Account (WABA) are sent to the Amazon SNS topic. This includes events for each phone number associated with the WhatsApp Business Account. Your WABA can have one Amazon SNS topic associated with it.

Prerequisites

Before you begin, the following prerequisites should be met.

  • (Optional) To use an Amazon SNS topic that is encrypted using AWS KMS keys, you must add permissions for AWS End User Messaging Social to the existing key policy.

Add a message and event destination

  1. Open the AWS End User Messaging Social console at https://console.aws.amazon.com/social-messaging/.

  2. Choose Business account, and then choose a WABA.

  3. On the Event destination tab, choose Edit destination.

  4. To turn on an event destination, choose Enable.

  5. To send your events to a new Amazon SNS destination, choose New SNS standard topic, and enter a name in Topic name. The Amazon SNS topic is created with permissions to allow AWS End User Messaging Social to access the topic.

    To send your events to an existing Amazon SNS destination, choose Existing SNS standard topic, and choose a topic from Topic arn. You have to apply the following permissions to the Amazon SNS topic:

    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "social-messaging.amazonaws.com"
        ]
      },
      "Action": "sns:Publish",
      "Resource": "arn:{PARTITION}:sns:{REGION}:{ACCOUNT}:{TOPIC_NAME}"
    }

  6. Choose Save changes.

Encrypted Amazon SNS topic policies

You can use Amazon SNS topics that are encrypted using AWS KMS keys for an additional level of security. This added security can be helpful if your application handles private or sensitive data. For more information about encrypting Amazon SNS topics using AWS KMS keys, see Enable compatibility between event sources from AWS services and encrypted topics in the Amazon Simple Notification Service Developer Guide.

The example statement uses the optional but recommended aws:SourceAccount and aws:SourceArn conditions to avoid the confused deputy problem, so that only the AWS End User Messaging Social owner account has access. For more information on the confused deputy problem, see The confused deputy problem in the IAM User Guide.

The key that you use must be symmetric. Encrypted Amazon SNS topics don't support asymmetric AWS KMS keys.

The key policy must be modified to allow AWS End User Messaging Social to use the key. Follow the directions in Changing a key policy, in the AWS Key Management Service Developer Guide, to add the following permissions to the existing key policy:

{
  "Effect": "Allow",
  "Principal": {
    "Service": "social-messaging.amazonaws.com"
  },
  "Action": [
    "kms:GenerateDataKey*",
    "kms:Decrypt"
  ],
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "aws:SourceAccount": "{ACCOUNT_ID}"
    },
    "ArnLike": {
      "aws:SourceArn": "arn:{PARTITION}:social-messaging:{REGION}:{ACCOUNT_ID}:*"
    }
  }
}
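To confirm that a key policy actually carries the confused deputy conditions described above, the following added example (not part of the AWS documentation) audits a key policy document offline. The function names, the account ID 111122223333, the region us-east-1 and the aws partition are constructed placeholder values.

```python
import json

SERVICE = "social-messaging.amazonaws.com"
POSITIVE_OPS = {"StringEquals", "StringLike", "ArnEquals", "ArnLike"}

def _as_list(value):
    """IAM accepts a single value or a list in most fields; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _condition_values(stmt, wanted_key):
    """Collect values for a condition key (key names are case-insensitive)."""
    values = []
    for operator, block in stmt.get("Condition", {}).items():
        for key, value in block.items():
            if key.lower() == wanted_key.lower() and operator in POSITIVE_OPS:
                values += _as_list(value)
    return values

def audit_key_policy(policy, account_id):
    """Return one finding per missing or over-broad confused deputy condition."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SERVICE not in services:
            continue  # not a grant to AWS End User Messaging Social
        if _condition_values(stmt, "aws:SourceAccount") != [account_id]:
            findings.append(f"Statement[{i}]: aws:SourceAccount not pinned to {account_id}")
        arns = [a.split(":") for a in _condition_values(stmt, "aws:SourceArn")]
        if not arns or any(len(a) < 6 or a[2] != "social-messaging" or a[4] != account_id for a in arns):
            findings.append(f"Statement[{i}]: aws:SourceArn not scoped to social-messaging in {account_id}")
    return findings

# Constructed sample input: the page's statement with placeholder values filled in.
ACCOUNT = "111122223333"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"Service": "social-messaging.amazonaws.com"},
  "Action": ["kms:GenerateDataKey*", "kms:Decrypt"], "Resource": "*",
  "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"},
                "ArnLike": {"aws:SourceArn": "arn:aws:social-messaging:us-east-1:111122223333:*"}}}]}""")
# Constructed weak variant: the same grant with the Condition block removed.
WEAK = {"Statement": [{k: v for k, v in GOOD["Statement"][0].items() if k != "Condition"}]}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("weak", WEAK)):
        print(name, audit_key_policy(doc, ACCOUNT) or "OK")
```

The same function can be run against the policy document returned for an existing key by passing in the parsed JSON and your own account ID.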

Next steps

Once you have set up your Amazon SNS topic, you must subscribe an endpoint to the topic. The endpoint will start to receive messages published to the associated topic. For more information on subscribing to a topic, see Subscribing to an Amazon SNS topic in the Amazon SNS Developer Guide.