Message data protection in Amazon SNS

What is message data protection?

Message data protection safeguards the data that's published to your Amazon SNS topics by using data protection policies to audit, mask, redact, or block the sensitive information that moves between applications or AWS services.

Message data protection scans data in motion for personally identifiable information (PII) and protected health information (PHI) using data identifiers. You can choose to use predefined (or Amazon SNS managed) data identifiers (for example, names, addresses, credit card numbers, and prescription drug codes), or you can create your own custom data identifiers, specific to your business use case. Using the scanned information, message data protection provides detailed audit logs, and allows you to take action to protect that data.

Message data protection supports the following actions to help protect sensitive customer information:

  • Audit – Audit up to 99% of the data that's published to an Amazon SNS topic. You can then choose to send the findings to Amazon CloudWatch, Amazon S3, or Amazon Data Firehose.

  • De-identify – Mask or redact sensitive data without interrupting message publishing or delivery.

  • Deny – Block the transmission of data between applications and AWS resources if sensitive data is present within the payload.

Note

Amazon SNS supports message data protection for Amazon SNS standard topics only.

Why should I use message data protection?

By introducing message data protection into your governance, risk management, and compliance programs, you can implement data protection policies that help you to identify and prevent data leakage. This provides your teams with tools that can help to reduce financial, legal, and regulatory risks by complying with privacy regulations such as HIPAA, GDPR, PCI, and FedRAMP. It also frees your developers from the operational overhead that's associated with building and managing your own tools to protect sensitive data.

For example, you can use message data protection to create an audit policy to determine whether any of your systems are inadvertently sending or receiving sensitive data. If your audit results show that systems are sending credit card information to systems that don’t require it, you can use a block policy to prevent the delivery of the data.
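The audit-then-block workflow described above can be expressed as two data protection policies. The following is an added example, not code from this documentation page: the policy names, the log group, and the wildcard principal are placeholders constructed for illustration, and `build_policy` and `apply_policy` are hypothetical helpers.

```python
import json

# Prefix of the ARNs for Amazon SNS managed data identifiers.
MANAGED = "arn:aws:dataprotection::aws:data-identifier/"

def build_policy(name, identifiers, operation, direction="Inbound",
                 principals=("*",), log_group=None, sample_rate=99):
    """Build a one-statement data protection policy as a dict.

    operation is "audit", "mask", "redact" or "deny".
    """
    if not identifiers:
        raise ValueError("at least one data identifier is required")
    if operation == "audit":
        # Auditing samples at most 99% of the published messages.
        if not 0 <= sample_rate <= 99:
            raise ValueError("sample_rate must be between 0 and 99")
        if not log_group:
            raise ValueError("audit needs a findings destination")
        op = {"Audit": {"SampleRate": str(sample_rate),
                        "FindingsDestination": {
                            "CloudWatchLogs": {"LogGroup": log_group}}}}
    elif operation == "mask":
        op = {"Deidentify": {"MaskConfig": {"MaskWithCharacter": "#"}}}
    elif operation == "redact":
        op = {"Deidentify": {"RedactConfig": {}}}
    elif operation == "deny":
        op = {"Deny": {}}
    else:
        raise ValueError(f"unknown operation: {operation}")
    return {"Name": name, "Version": "2021-06-01", "Statement": [{
        "Sid": f"{name}-{operation}",
        "DataDirection": direction,
        "Principal": list(principals),
        "DataIdentifier": [MANAGED + i for i in identifiers],
        "Operation": op}]}

def apply_policy(topic_arn, policy):
    """Attach the policy to a standard topic (needs boto3 and credentials)."""
    import boto3  # imported lazily so the builder runs offline
    boto3.client("sns").put_data_protection_policy(
        ResourceArn=topic_arn, DataProtectionPolicy=json.dumps(policy))

# Step 1: audit inbound messages for card numbers (placeholder log group).
AUDIT = build_policy("cc-audit", ["CreditCardNumber"], "audit",
                     log_group="/aws/vendedlogs/example-sns-audit")
# Step 2: once findings confirm a leak, block delivery to subscribers.
BLOCK = build_policy("cc-block", ["CreditCardNumber"], "deny",
                     direction="Outbound")
```

Call `apply_policy` with the ARN of a standard topic to attach either policy. Narrow `principals` in the block policy to the subscribers that should not receive card data.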

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.