This topic explains how to enable message delivery status logging for Amazon SNS topics, including configuring logging settings, assigning IAM roles, and verifying that CloudWatch Logs capture delivery logs for monitoring and troubleshooting.
- Sign in to the Amazon SNS console.
- On the navigation panel, choose Topics.
- Select the desired topic and then choose Edit.
- Expand the Delivery status logging section.
- Choose the protocol for which you want to enable logging (for example, HTTP, Lambda, Amazon SQS).
- Enter the Success sample rate, which is the percentage of successful messages for which you want to receive CloudWatch Logs.
- In the IAM roles section, you must configure roles for both success and failure logging:
  - Use an existing service role – Select an existing IAM role that has the required permissions for Amazon SNS to write logs to CloudWatch.
  - Create a new service role – Choose Create new roles to define the IAM roles for successful and failed deliveries in the IAM console. For permission details, see Prerequisites for delivery status logging.
- Choose Save changes.
After enabling logging, you can view and parse the CloudWatch Logs containing the message delivery status. For more information about using CloudWatch, see the CloudWatch documentation.
Verifying log setup
- Sign in to the CloudWatch Logs console.
- Locate the log group named sns/<region>/<account-id>/<topic-name>.
- Ensure log streams exist for the configured endpoint protocol.
- Send a test message to your topic and confirm that log entries appear, indicating successful or failed deliveries.
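
An added example (not AWS's own code) that audits the settings configured above from a topic's attribute map and derives the log group name to look for when verifying. The attribute names are those of the SNS SetTopicAttributes API; the helper names and sample values are constructed, and `audit_live_topic` assumes boto3 and credentials are available.

```python
# Added example: audit a topic's delivery status logging attributes.
# Attribute names follow the SNS SetTopicAttributes API; sample data is constructed.
PREFIXES = {"http": "HTTP", "lambda": "Lambda", "sqs": "SQS"}

def audit_delivery_logging(attributes, protocols=("http", "lambda", "sqs")):
    """Return {protocol: [problems]}; an empty list means fully configured."""
    findings = {}
    for proto in protocols:
        prefix = PREFIXES[proto]
        problems = []
        for outcome in ("Success", "Failure"):
            if not attributes.get(f"{prefix}{outcome}FeedbackRoleArn"):
                problems.append(f"missing {outcome.lower()} role")
        rate = attributes.get(f"{prefix}SuccessFeedbackSampleRate")
        if rate is not None:
            if not str(rate).isdigit() or int(rate) > 100:
                problems.append(f"invalid sample rate {rate!r}")
            elif int(rate) == 0:
                problems.append("sample rate 0: no successful deliveries logged")
        findings[proto] = problems
    return findings

def expected_log_group(topic_arn):
    """Build the log group name given on this page from a topic ARN."""
    parts = topic_arn.split(":")
    if len(parts) != 6 or parts[2] != "sns":
        raise ValueError(f"not an SNS topic ARN: {topic_arn!r}")
    _, _, _, region, account_id, topic_name = parts
    return f"sns/{region}/{account_id}/{topic_name}"

def audit_live_topic(topic_arn):
    """Fetch attributes with boto3 (needs credentials) and audit them."""
    import boto3  # imported here so the offline functions run without it
    attrs = boto3.client("sns").get_topic_attributes(TopicArn=topic_arn)["Attributes"]
    return audit_delivery_logging(attrs)

# Constructed sample: HTTP fully configured, Lambda missing its failure role.
SAMPLE_ARN = "arn:aws:sns:us-east-1:123456789012:orders"
SAMPLE_ATTRS = {
    "HTTPSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SNSSuccessFeedback",
    "HTTPFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/SNSFailureFeedback",
    "HTTPSuccessFeedbackSampleRate": "100",
    "LambdaSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SNSSuccessFeedback",
    "LambdaSuccessFeedbackSampleRate": "0",
}

if __name__ == "__main__":
    print(expected_log_group(SAMPLE_ARN))
    print(audit_delivery_logging(SAMPLE_ATTRS))
```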