Cargando...
Cargando...
Stop guessing which messaging service to use — master the decision framework that appears on every AWS certification exam
Pull vs Push vs Route vs Stream — four services, four distinct jobs
| Feature | SQS Durable queue for decoupled workloads | SNS Fan-out push to many subscribers | EventBridge Event router with content-based filtering | Kinesis Real-time ordered streaming at scale |
|---|---|---|---|---|
Core Pattern This is the #1 differentiator. SQS = pull/poll. SNS = push. EventBridge = route by content. Kinesis = ordered stream replay. | Point-to-point (1 producer → 1 consumer group pulls) | Pub/Sub fan-out (1 publisher → N subscribers pushed) | Event bus routing (many sources → rules → many targets) | Streaming (producers → shards → multiple independent consumers) |
Message/Event Delivery Model Only Kinesis allows multiple independent consumers to replay the same data from the same stream. SQS message is consumed once (deleted after ack). SNS is push-only. | Consumer polls and deletes; message locked during processing (visibility timeout) | Push delivery; fire-and-forget to all subscribers simultaneously | Push to matched targets based on event pattern rules | Consumers read from shard position; message NOT deleted after read |
Message Retention SNS has NO built-in persistence. If subscriber is unavailable, message is lost unless SNS → SQS fan-out pattern is used. EventBridge Archive feature allows indefinite replay. | 1 minute to 14 days (default: 4 days) | No persistence — delivered immediately or lost (DLQ optional) | 24 hours for failed delivery retries on event buses; Archive can retain indefinitely | Default 24 hours; extendable up to 365 days (extended retention) |
Ordering Guarantee For strict ordering at scale: Kinesis (by partition key) or SQS FIFO (by MessageGroupId). EventBridge does NOT guarantee ordering. | Standard: best-effort ordering. FIFO: strict ordering within message group | No guaranteed ordering for Standard topics. FIFO topics preserve order | No strict ordering guarantee across targets | Strict ordering guaranteed within a shard; partition key determines shard |
Throughput / Scale Kinesis throughput scales by adding shards. SQS Standard scales automatically. FIFO queues have hard throughput limits unless high-throughput mode is enabled. | Standard: nearly unlimited TPS. FIFO: 300 TPS (3,000 with batching); High-throughput FIFO: up to 70,000 msg/s per API action | Standard topics: nearly unlimited publishes. FIFO topics: 300 publishes/s (3,000 with batching) | Default: 10,000 events/s per account per region (adjustable). Invocations throttle limit applies | 1 MB/s or 1,000 records/s per shard ingest; 2 MB/s per shard read (Enhanced Fan-Out: 2 MB/s per consumer per shard) |
Message/Event Size Limit All four services share the 256 KB limit EXCEPT Kinesis which allows 1 MB. For larger payloads, use S3 + pointer pattern (Claim Check pattern). | 256 KB per message (use S3 Extended Client Library for larger payloads) | 256 KB per message | 256 KB per event | 1 MB per record |
Filtering / Routing EventBridge has the most powerful filtering. SNS filter policies only work on message attributes. SQS and Kinesis require application-level filtering. | No native filtering; consumers receive all messages in queue | Subscription filter policies (attribute-based filtering per subscriber) | Rich content-based filtering via event patterns (prefix, suffix, numeric range, exists, anything-but, IP range matching) | No native filtering; consumers filter client-side or use Lambda event source mapping filter |
Third-Party / SaaS Integration EventBridge is the ONLY service with native SaaS partner integrations and API Destinations. This is a common exam differentiator for third-party event scenarios. | AWS services only (via SDK/API) | AWS services + HTTP/S endpoints + email + SMS + mobile push | Native partner event sources (Salesforce, Zendesk, GitHub, Datadog, etc.) + API Destinations for any HTTP endpoint | AWS services only natively; use Firehose for delivery to S3/Redshift/OpenSearch |
Consumer Model SQS long polling (up to 20 seconds) reduces empty responses and cost. Kinesis Enhanced Fan-Out provides dedicated 2 MB/s throughput per registered consumer. | Pull-based polling (short or long polling); competing consumers pattern | Push to all subscribers simultaneously; no polling | Push to matched targets; no polling | Pull via GetRecords API or push via Enhanced Fan-Out (HTTP/2 streaming) |
Dead Letter Queue (DLQ) Support All four support DLQ patterns but implementation differs. EventBridge allows per-target retry policies (up to 185 retries over 24 hours) in addition to DLQ. | Native DLQ support (SQS queue as DLQ); configurable maxReceiveCount | DLQ support per subscription (SQS queue); for Lambda, Kinesis, SQS, HTTP subscribers | DLQ per rule target (SQS queue); also supports retry policies per target | No native DLQ; Lambda event source mapping supports DLQ/on-failure destination |
Replay / Reprocessing If the requirement is 'replay events' or 'reprocess historical data', the answer is Kinesis or EventBridge Archive. SQS and SNS cannot replay. | Not supported natively; messages deleted after successful processing | Not supported; no message store | EventBridge Archive + Replay feature allows replaying past events to an event bus | Native replay by resetting shard iterator to any position within retention window |
Exactly-Once Processing Only SQS FIFO guarantees exactly-once processing natively. FIFO deduplication window is 5 minutes. For Kinesis, use sequence numbers for idempotency. | Standard: at-least-once. FIFO: exactly-once processing (deduplication via MessageDeduplicationId) | At-least-once delivery for Standard; FIFO topics provide deduplication | At-least-once delivery | At-least-once by default; exactly-once requires idempotent consumer logic |
Encryption All four services support KMS encryption. SQS SSE-SQS (free, AWS-managed) vs SSE-KMS (customer-managed, incurs KMS costs) is a cost optimization exam topic. | SSE with SQS-managed keys (SSE-SQS) or AWS KMS (SSE-KMS); in-transit via HTTPS | SSE with SNS-managed keys or AWS KMS; in-transit via HTTPS | Events encrypted in transit; at-rest encryption for archives; KMS for custom event buses | Server-side encryption with AWS KMS; in-transit via HTTPS/TLS |
Pricing Model EventBridge default bus (CloudWatch Events) is free for AWS service events. Custom/partner bus events cost $1/million. Kinesis costs scale with shards even with no traffic — plan capacity carefully. | Per API request (every 64 KB chunk = 1 request). First 1M requests/month free. Standard cheaper than FIFO | Per publish + per delivery (varies by endpoint type: SQS/Lambda free, HTTP/S $0.60/million, SMS varies by country) | Per event published to custom/partner buses ($1.00/million events). Default bus (AWS service events) free. Pipes, Scheduler, Archive have separate pricing | Per shard-hour + per PUT payload unit (25 KB). Enhanced Fan-Out: per shard-hour + per GB retrieved. Extended retention: additional per shard-hour |
Visibility Timeout Visibility timeout is SQS-specific. If a consumer fails within the timeout, message becomes visible again. Set timeout > max processing time to avoid duplicate delivery. | 0 seconds to 12 hours (default: 30 seconds); prevents duplicate processing during consumer work | Not applicable — push model, no visibility concept | Not applicable — event delivered once to matched targets | Not applicable — consumers track position via sequence numbers/shard iterator |
Max Subscribers / Targets SNS supports massive fan-out. EventBridge has 300 targets per rule limit. Kinesis Enhanced Fan-Out 20-consumer limit is a common exam trap for high-fan-out streaming scenarios. | N/A — point-to-point; multiple consumers compete for same messages | Up to 12.5 million subscriptions per topic (Standard); adjustable | Up to 300 targets per rule (adjustable); up to 300 rules per event bus | Unlimited consumers via standard polling (shared 2 MB/s); up to 20 registered consumers for Enhanced Fan-Out per stream |
Schema Registry / Discovery EventBridge Schema Registry is unique — it automatically infers event schemas and can generate typed code bindings in Java, Python, TypeScript. Key differentiator for event-driven development. | No schema registry | No schema registry | Built-in Schema Registry; auto-discovers schemas from events; generates code bindings | No native schema registry; use Glue Schema Registry with Kinesis |
Cross-Account / Cross-Region EventBridge Global Endpoints provide active-active cross-region event routing with automatic failover — unique capability for multi-region event-driven architectures. | Cross-account via resource policy; cross-region requires application-level routing | Cross-account subscriptions supported; cross-region topic subscriptions supported | Native cross-account and cross-region event routing via event bus policies and Global Endpoints | Cross-account via resource policy; cross-region requires application-level replication |
Typical Use Cases Scenario keywords: 'decouple'=SQS, 'notify many'=SNS, 'third-party events/SaaS/schedule'=EventBridge, 'real-time stream/analytics/replay'=Kinesis | Task queues, order processing, decoupling microservices, buffer for spiky workloads, batch job queuing | Fan-out notifications, alert broadcasting, mobile push, email/SMS alerts, triggering multiple Lambda functions | Event-driven microservices, SaaS integrations, CloudTrail-based automation, scheduled events (cron), application state change routing | Real-time analytics, log aggregation, clickstream processing, IoT telemetry, ML feature pipelines, audit trails |
Lambda Integration SQS → Lambda: polling, batched, at-least-once. SNS → Lambda: push, per-message, synchronous invocation. EventBridge → Lambda: async, filtered. Kinesis → Lambda: ordered per shard, parallelizable. | Lambda polls SQS (event source mapping); batch size 1–10,000; bisect-on-error supported | Lambda triggered synchronously on every SNS publish; no batching | Lambda invoked asynchronously as rule target; up to 5 targets per rule can be Lambda | Lambda polls via event source mapping; batch window + batch size configurable; parallelization factor per shard |
FIFO Support SNS FIFO topics can ONLY deliver to SQS FIFO queues. You cannot subscribe Lambda or HTTP endpoints to an SNS FIFO topic. This is a critical exam trap. | Native FIFO queue type; MessageGroupId for ordering; MessageDeduplicationId for dedup; .fifo suffix required | Native FIFO topic type; must pair with SQS FIFO subscribers only | No FIFO support; no ordering guarantees | Ordered within shard by sequence number; partition key determines shard assignment |
Summary
SQS is your workhorse for durable, decoupled task queuing with pull-based consumers. SNS excels at instant fan-out push notifications to multiple heterogeneous subscribers. EventBridge is the event router of choice for content-based routing, SaaS integrations, and scheduled automation. Kinesis owns the real-time ordered streaming use case where multiple consumers need to independently replay high-volume data streams.
🎯 Decision Tree
Need to DECOUPLE two services with a buffer? → SQS. Need to NOTIFY/ALERT multiple subscribers simultaneously? → SNS. Need to ROUTE events based on content, integrate with SaaS, or schedule tasks? → EventBridge. Need REAL-TIME STREAMING with ordering, replay, or multiple independent consumers? → Kinesis. Need fan-out AND durability? → SNS + SQS (fan-out pattern). Need ordered fan-out? → SNS FIFO → SQS FIFO. Need streaming analytics? → Kinesis → Lambda/Firehose/Analytics.
SNS FIFO topics can ONLY deliver to SQS FIFO queues — no Lambda, no HTTP, no email subscribers. If a question asks about ordered fan-out to Lambda, the answer involves SNS Standard → Lambda (unordered) or a different architecture entirely.
Kinesis shard read throughput (2 MB/s) is SHARED among all standard consumers on that shard. With multiple consumers, each gets a fraction. Enhanced Fan-Out gives each registered consumer a dedicated 2 MB/s — use it when multiple consumers need full throughput from the same stream.
SQS messages are NOT automatically sent to DLQ when they expire via retention period — they are simply deleted. DLQ only receives messages that exceed the maxReceiveCount (failed processing attempts). This distinction appears frequently in exam scenarios about message loss.
EventBridge is the ONLY service with native third-party SaaS partner event sources (Salesforce, Zendesk, GitHub, Datadog, etc.) and API Destinations for outbound HTTP calls. Any exam scenario mentioning SaaS events or webhook-style integrations points to EventBridge.
The fan-out pattern (SNS + SQS) combines both services: SNS publishes once and fans out to multiple SQS queues, each with its own independent consumers. This solves the problem of SNS having no persistence — SQS provides the durability buffer for each subscriber.
EventBridge default event bus receives AWS service events (EC2 state changes, S3 events via CloudTrail, etc.) for FREE. Custom event buses and partner event buses cost $1.00 per million events. Scenarios asking about reacting to AWS service events cheaply → EventBridge default bus.
SQS FIFO queue names MUST end with '.fifo' suffix. Forgetting this causes queue creation failure. Similarly, SNS FIFO topic names must end with '.fifo'. This appears in developer exam scenarios about queue creation errors.
EventBridge Pipes provide point-to-point integration with optional filtering, enrichment (via Lambda/Step Functions/API Gateway), and transformation between a single source and single target. Use Pipes when you need to enrich events before routing; use event buses for complex multi-target routing.
The #1 exam trap: SNS FIFO topics can ONLY deliver to SQS FIFO queues — candidates assume SNS FIFO works with Lambda subscribers like Standard SNS does. Combined with the second most common trap: SQS competing consumers means messages go to ONE consumer, not all — when you need all consumers to process every message, you need SNS fan-out to separate SQS queues, not multiple consumers on one queue.
CertAI Tutor · DEA-C01, DOP-C02, CLF-C02, SAA-C03, SAP-C02, DVA-C02, SCS-C02 · 2026-02-22
Services
Comparisons