Skip to main content

AWS DVA-C02 Drill: S3 Event Notifications - SNS Fan-Out vs. Direct Integrations

·1525 words·8 mins·
Certification Drills AWS DVA-C02 Amazon S3 Amazon SNS AWS Lambda Event-Driven Architecture S3 Event Notifications
Jeff Taakey
Author
Jeff Taakey
21+ Year Enterprise Architect | AWS SAA/SAP & Multi-Cloud Expert.
Table of Contents

Jeff’s Note
#

Jeff’s Note
#

“Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.”

“For DVA-C02 candidates, the confusion often lies in choosing between direct S3→Lambda triggers versus SNS fan-out patterns. In production, this is about knowing exactly when S3 event notifications support multiple destinations natively versus when you need SNS as a message broker. Let’s drill down.”

The Certification Drill (Simulated Question)
#

Scenario
#

PhotoStream Inc., a digital media platform, is building an automated image processing pipeline. When users upload profile pictures to their S3 bucket (photostream-uploads), the system must perform two independent actions:

  1. Generate thumbnail versions using a Lambda function for faster page loads
  2. Send email confirmations to users notifying them of successful uploads

The development team needs to architect an event-driven solution that ensures both actions occur reliably every time an image lands in S3, while maintaining loose coupling between components.

The Requirement:
#

Design an S3 event notification architecture that triggers Lambda-based thumbnail generation AND sends email notifications, using AWS managed services with minimal operational overhead.

The Options
#

  • A) Create an Amazon SNS topic. Configure S3 event notifications to publish to the SNS topic. Subscribe the Lambda function as an SNS subscriber. Create an email subscription directly to the SNS topic.
  • B) Create an Amazon SNS topic. Configure S3 event notifications to publish to the SNS topic. Subscribe the Lambda function to the SNS topic. Create an SQS queue, subscribe it to the SNS topic, then create an email subscription to the SQS queue.
  • C) Create an Amazon SQS queue. Configure S3 event notifications to send to the SQS queue. Subscribe the Lambda function as an SQS event source. Create an email subscription directly to the SQS queue.
  • D) Create an Amazon SQS queue. Route S3 event notifications through EventBridge. Create an EventBridge rule that triggers the Lambda function on image uploads. Create another EventBridge rule that sends notifications to the SQS queue, then configure email subscriptions to the SQS queue.

Google adsense
#

Correct Answer
#

Option A.

Quick Insight: The Fan-Out Pattern Imperative
#

For Developers: S3 natively supports SNS as a notification destination. SNS enables the fan-out pattern - one event triggers multiple independent subscribers (Lambda + Email) simultaneously. The key API understanding: SNS supports email protocol subscriptions directly via sns:Subscribe with Protocol=‘email’, while SQS does not support email subscriptions at all.

Content Locked: The Expert Analysis
#

You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?

Unlock Full Access & Start Mastering

The Expert’s Analysis
#

Correct Answer
#

Option A

The Winning Logic
#

This solution correctly implements the SNS fan-out pattern for S3 event-driven architectures:

Why Option A is architecturally sound:

  1. S3 → SNS Native Integration: S3 event notifications support SNS topics as direct destinations via s3:PutBucketNotificationConfiguration. When an object is created, S3 publishes a JSON event message to the SNS topic.

  2. SNS Fan-Out Capability: A single SNS topic can have multiple heterogeneous subscribers:

    • Lambda subscription: Uses AWS::Lambda::Permission to allow SNS to invoke the function. The Lambda receives the S3 event payload wrapped in an SNS envelope.
    • Email subscription: SNS natively supports email protocol (Protocol: email). Subscribers receive formatted emails with the S3 event details.

  3. Decoupled Architecture: The Lambda function and email system operate independently. If Lambda fails, email still sends. If email bounces, Lambda still processes.

Developer-Specific API Details:

# Lambda function receives SNS-wrapped S3 event
def lambda_handler(event, context):
    for record in event['Records']:
        # SNS envelope
        sns_message = json.loads(record['Sns']['Message'])
        
        # Actual S3 event inside
        s3_event = sns_message['Records'][0]
        bucket = s3_event['s3']['bucket']['name']
        key = s3_event['s3']['object']['key']
        
        # Process thumbnail generation
        generate_thumbnail(bucket, key)

Correct S3 Notification Configuration:

{
  "TopicConfigurations": [
    {
      "TopicArn": "arn:aws:sns:us-east-1:123456789012:photostream-events",
      "Events": ["s3:ObjectCreated:*"],
      "Filter": {
        "Key": {
          "FilterRules": [
            {"Name": "suffix", "Value": ".jpg"}
          ]
        }
      }
    }
  ]
}

The Trap (Distractor Analysis)
#

Why not Option B?

  • Unnecessary Complexity: Adding SQS between SNS and email creates an anti-pattern. SQS queues do not support email subscriptions. The proposed architecture (SNS → SQS → Email) is impossible because SQS has no native email delivery mechanism. You’d need a consumer to poll SQS and then call SES, adding unnecessary components.
  • Developer Mistake: Confusing SQS’s role as a work queue with SNS’s role as a notification broadcaster.

Why not Option C?

  • Lambda Event Source Limitation: While Lambda supports SQS as an event source (AWS::Lambda::EventSourceMapping), SQS cannot send emails directly. There’s no sqs:Subscribe API with email protocol support.
  • Missing Fan-Out: S3 → SQS → Lambda is a valid pattern for buffering, but it doesn’t solve the email requirement without additional custom code in Lambda to call SES.

Why not Option D?

  • Over-Engineering: While S3 can send events to EventBridge (via EventBridgeConfiguration), this adds latency and complexity for no benefit. EventBridge is better suited for complex event routing rules across multiple AWS accounts or advanced filtering.
  • Still Missing Email: Like Option C, SQS cannot deliver emails. You’d need Lambda or another service to consume from SQS and call SES.
  • Cost Overhead: EventBridge charges per event published and per rule match, whereas SNS is more cost-effective for simple fan-out scenarios.

The Technical Blueprint
#

SNS Fan-Out Architecture (Developer Implementation View):

# Step 1: Create SNS topic
aws sns create-topic --name photostream-events

# Step 2: Subscribe Lambda function
aws sns subscribe \
  --topic-arn arn:aws:sns:us-east-1:123456789012:photostream-events \
  --protocol lambda \
  --notification-endpoint arn:aws:lambda:us-east-1:123456789012:function:thumbnail-generator

# Step 3: Grant SNS permission to invoke Lambda
aws lambda add-permission \
  --function-name thumbnail-generator \
  --statement-id AllowSNSInvoke \
  --action lambda:InvokeFunction \
  --principal sns.amazonaws.com \
  --source-arn arn:aws:sns:us-east-1:123456789012:photostream-events

# Step 4: Subscribe email
aws sns subscribe \
  --topic-arn arn:aws:sns:us-east-1:123456789012:photostream-events \
  --protocol email \
  --notification-endpoint [email protected]

# Step 5: Configure S3 bucket notification
aws s3api put-bucket-notification-configuration \
  --bucket photostream-uploads \
  --notification-configuration file://notification.json

notification.json:

{
  "TopicConfigurations": [
    {
      "Id": "ImageUploadNotification",
      "TopicArn": "arn:aws:sns:us-east-1:123456789012:photostream-events",
      "Events": ["s3:ObjectCreated:*"],
      "Filter": {
        "Key": {
          "FilterRules": [
            {"Name": "prefix", "Value": "uploads/"},
            {"Name": "suffix", "Value": ".jpg"}
          ]
        }
      }
    }
  ]
}

Lambda Invocation Payload Structure:

{
  "Records": [
    {
      "EventSource": "aws:sns",
      "Sns": {
        "Type": "Notification",
        "MessageId": "95df01b4-ee98-5cb9-9903-4c221d41eb5e",
        "TopicArn": "arn:aws:sns:us-east-1:123456789012:photostream-events",
        "Subject": "Amazon S3 Notification",
        "Message": "{\"Records\":[{\"eventName\":\"ObjectCreated:Put\",\"s3\":{\"bucket\":{\"name\":\"photostream-uploads\"},\"object\":{\"key\":\"uploads/profile.jpg\"}}}]}",
        "Timestamp": "2025-12-13T10:30:00.000Z"
      }
    }
  ]
}

The Comparative Analysis
#

Option API Complexity Native Email Support Latency Use Case DVA-C02 Exam Relevance
A) S3 → SNS → (Lambda + Email) Low - Native integrations using s3:PutBucketNotificationConfiguration and sns:Subscribe Yes - SNS Protocol=‘email’ ~100ms - Direct pub/sub Fan-out notifications - One event, multiple independent actions Primary pattern tested - Tests understanding of SNS as message broker
B) S3 → SNS → SQS → Email High - Additional SQS layer No - SQS has no email protocol ~300ms - Extra hop None - Architecturally invalid Tests if candidates know SQS limitations
C) S3 → SQS → Lambda (Email?) Medium - Valid for Lambda, but missing email No - Requires custom SES integration in code ~200ms - Polling delay Buffered processing only Tests understanding of SQS vs SNS roles
D) S3 → EventBridge → (Lambda + SQS) High - EventBridge rules + custom targets No - Still requires SES integration ~500ms - Multiple hops Complex cross-account routing Tests if candidates over-engineer simple solutions

Key Developer Insight for DVA-C02:

The exam tests whether you understand:

  1. S3’s supported notification destinations: SNS, SQS, Lambda (but Lambda doesn’t support fan-out natively)
  2. SNS’s subscription protocols: lambda, sqs, email, SMS, HTTP/S (not SQS’s protocols)
  3. When to use fan-out vs. buffering: SNS for parallel execution, SQS for rate limiting

Real-World Application (Practitioner Insight)
#

Exam Rule
#

“For the DVA-C02 exam, when you see ‘multiple independent actions triggered by a single S3 event’, immediately think SNS fan-out pattern. If the requirement includes email notifications, verify the service supports email protocol - only SNS does natively.”

Real World
#

“In production, we often enhance Option A by:

  1. Adding SQS Dead Letter Queues (DLQs) to each SNS subscription for handling failed Lambda invocations
  2. Using SNS Message Filtering to route different S3 event types to specialized Lambdas (e.g., images vs. videos)
  3. Implementing SNS Message Attributes to pass metadata without parsing JSON
  4. Monitoring with CloudWatch SNS metrics: NumberOfNotificationsFailed, NumberOfMessagesPublished

However, for simple notification scenarios like this, the email subscription might be replaced with Amazon SES triggered from Lambda for richer HTML email templates and better deliverability tracking. The exam favors the ’native integration’ approach (SNS email) over custom code solutions.”

Production Enhancement Example:

# Enhanced Lambda with error handling and DLQ support
import boto3
import json
from botocore.exceptions import ClientError

s3 = boto3.client('s3')
sns = boto3.client('sns')

def lambda_handler(event, context):
    try:
        for record in event['Records']:
            # Parse SNS message
            message = json.loads(record['Sns']['Message'])
            s3_record = message['Records'][0]
            
            bucket = s3_record['s3']['bucket']['name']
            key = s3_record['s3']['object']['key']
            
            # Generate thumbnail
            thumbnail_key = generate_thumbnail(bucket, key)
            
            # Publish success metric
            sns.publish(
                TopicArn='arn:aws:sns:us-east-1:123456789012:thumbnail-success',
                Message=f'Thumbnail created: {thumbnail_key}',
                MessageAttributes={
                    'ProcessingTime': {'DataType': 'Number', 'StringValue': '1.5'}
                }
            )
            
    except ClientError as e:
        print(f"Error processing: {e}")
        raise  # Let Lambda retry mechanism and DLQ handle it

Stop Guessing, Start Mastering
#

Unlock The Full Analysis Now

Disclaimer

This is a study note based on simulated scenarios for the AWS DVA-C02 exam. While inspired by real AWS services and best practices, company names and specific scenarios are fictional for educational purposes. Always refer to official AWS documentation and the AWS Certified Developer - Associate exam guide for authoritative information.

The DevPro Network: Mission and Founder

A 21-Year Tech Leadership Journey

Jeff Taakey has driven complex systems for over two decades, serving in pivotal roles as an Architect, Technical Director, and startup Co-founder/CTO.

He holds both an MBA degree and a Computer Science Master's degree from an English-speaking university in Hong Kong. His expertise is further backed by multiple international certifications including TOGAF, PMP, ITIL, and AWS SAA.

His experience spans diverse sectors and includes leading large, multidisciplinary teams (up to 86 people). He has also served as a Development Team Lead while cooperating with global teams spanning North America, Europe, and Asia-Pacific. He has spearheaded the design of an industry cloud platform. This work was often conducted within global Fortune 500 environments like IBM, Citi and Panasonic.

Following a recent Master’s degree from an English-speaking university in Hong Kong, he launched this platform to share advanced, practical technical knowledge with the global developer community.


About This Site: AWS.CertDevPro.com


AWS.CertDevPro.com focuses exclusively on mastering the Amazon Web Services ecosystem. We transform raw practice questions into strategic Decision Matrices. Led by Jeff Taakey (MBA & 21-year veteran of IBM/Citi), we provide the exclusive SAA and SAP Master Packs designed to move your cloud expertise from certification-ready to project-ready.