Articles

RDS Event Notifications via SNS: Alert on Key Events (2026)

April 18, 2026 4 min read

RDS Event Notifications via SNS: Alert on Key Events

The most surprising thing about RDS event notifications is that they don’t just tell you what happened, but why it’s about to happen, or why it already did and is now broken.

Let’s see it in action. Imagine a critical database event, like a backup failing. This isn’t just a notification; it’s a chain reaction.

First, the RDS instance itself detects an issue. Let’s say its automated backup process, which runs on a schedule, encounters an error. Instead of silently failing or just logging it locally, it’s configured to publish an event.

Here’s a snippet of what that event might look like in CloudWatch Logs, if you’ve enabled that integration:

{
    "version": "0",
    "id": "abcdef12-3456-7890-abcd-ef1234567890",
    "detail-type": "RDS-EVENT",
    "source": "aws.rds",
    "account": "123456789012",
    "time": "2023-10-27T10:00:00Z",
    "region": "us-east-1",
    "resources": [
        "arn:aws:rds:us-east-1:123456789012:db:my-production-db"
    ],
    "detail": {
        "EventCategories": [
            "backup",
            "failure"
        ],
        "SourceType": "DBInstance",
        "SourceArn": "arn:aws:rds:us-east-1:123456789012:db:my-production-db",
        "Message": "DB instance backup failed. Error: Insufficient storage available for backup.",
        "EventID": "RDS-EVENT-0001",
        "Date": "2023-10-27T10:00:00Z"
    }
}

This event, with EventCategories like "backup" and "failure", is then published. Where does it go? To an Amazon Simple Notification Service (SNS) topic that you’ve subscribed your RDS instance to.

Now, you’ve configured this SNS topic. You might have a subscription for an email address (e.g., ops-team@example.com), a Slack channel via an SNS integration, or even an AWS Lambda function to perform automated remediation.

The key here is the decoupling. RDS doesn’t need to know how you want to be alerted. It just needs to know what happened. SNS acts as the central hub, broadcasting this information to all interested parties.

The problem this solves is operational visibility and rapid response. Without this, you’re left digging through logs or relying on scheduled checks that might miss critical, time-sensitive failures. You could have a backup fail, and without an alert, you might not discover it until you desperately need to restore and find your backups are incomplete or non-existent.

The internal mechanics are straightforward:

  1. RDS Event Generation: RDS monitors its own health and operational status. When specific events occur (e.g., instance restarts, parameter group changes, backup failures, performance degradation thresholds breached), it generates an event message.
  2. Event Subscription: You configure your RDS instance to publish these events to a specific SNS topic. This is done in the RDS console under "Modify" for your instance, in the "Log exports" and "Event notification" sections. You select an existing SNS topic or create a new one.
  3. SNS Topic: This is the message bus. It holds the events published by RDS.
  4. SNS Subscriptions: You create subscriptions to this SNS topic. These can be email, SMS, SQS queues, HTTP/S endpoints, or Lambda functions. When an event arrives at the topic, SNS fans it out to all active subscriptions.

The specific levers you control are:

  • Event Categories: You can choose which types of events trigger notifications. For instance, you might want alerts for "backup", "failure", and "performance", but not for "maintenance". This granular control prevents alert fatigue.
  • SNS Topic: You choose which SNS topic to send events to, allowing you to route different types of events to different alert destinations.
  • Subscription Protocols: You choose how you want to receive the alerts (email, SMS, etc.).
  • Lambda Triggers: For automated actions, you can trigger a Lambda function directly from the SNS topic. This Lambda could, for example, attempt to restart a failing instance or scale up storage if the failure is due to space.

The "detail" field in the JSON event is crucial. It contains SourceType, SourceArn, Message, and EventCategories. The Message field often contains the most direct explanation of what went wrong. For example, if a backup fails, the message might explicitly state "Insufficient storage available for backup" or "KMS key is disabled". This level of detail is what makes the notifications actionable, rather than just a generic "something happened".

When you configure event notifications, you don’t just select "all events." You select specific Event Categories. Common categories include: backup, restore, maintenance, configuration change, performance, error, instance lifecycle, storage. You can see the full list in the AWS documentation. For critical alerts, you’d typically select failure, error, and backup related events.

The next concept to explore is how to automate responses to these notifications using AWS Lambda.

Want structured learning?

Take the full Rds course →