Set up FlexMatch event notifications - Amazon GameLift
Set up EventBridge eventsSet up an Amazon SNS topicSet up an SNS topic with server-side encryptionConfigure a topic subscription to invoke a Lambda function

Set up FlexMatch event notifications

You can use event notifications to track the status of individual matchmaking requests. All games in production, or in pre-production with high-volume matchmaking activity should use event notifications.

There are two options for setting up event notifications.

  • Have your matchmaker publish event notifications to an Amazon Simple Notification Service (Amazon SNS) topic.

  • Use automatically published Amazon EventBridge events and its suite of tools for managing events.

For a list of the FlexMatch events that Amazon GameLift emits, see FlexMatch matchmaking events.

Set up EventBridge events

Amazon GameLift automatically posts all matchmaking events to Amazon EventBridge. With EventBridge, you can set up rules to have matchmaking events routed to targets for processing. For example, you can set a rule to route the event "PotentialMatchCreated" to an AWS Lambda function that handles player acceptances. For more information, see What is Amazon EventBridge?

Note

When you configure your matchmakers, keep the notification target field empty or reference an SNS topic if you want to use both EventBridge and Amazon SNS.

Set up an Amazon SNS topic

You can have Amazon GameLift publish all events that a FlexMatch matchmaker generates to an Amazon SNS topic.

To create an SNS topic for Amazon GameLift event notifications

  1. Open the Amazon SNS console.

  2. In the navigation pane, choose Topics.

  3. On the Topics page, choose Create topic.

  4. Create a topic in the console. For more information, see To create a topic using the AWS Management Console in the Amazon Simple Notification Service Developer Guide.

  5. On the Details page for your topic, choose Edit.

  6. (Optional) On the Edit page for your topic, expand Access policy, then add the bold syntax from the following AWS Identity and Access Management (IAM) policy statement to the end of your existing policy. (The entire policy is shown here for clarity.) Be sure to use the Amazon Resource Name (ARN) details for your own SNS topic and Amazon GameLift matchmaking configuration.

    {
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish"
      ],
      "Resource": "arn:aws:sns:your_region:your_account:your_topic_name",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "your_account"
        }
      }
    },
    {
      "Sid": "__console_pub_0",
      "Effect": "Allow",
      "Principal": {
        "Service": "gamelift.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:your_region:your_account:your_topic_name",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:gamelift:your_region:your_account:matchmakingconfiguration/your_configuration_name"
        }
      }
    }
  ]
}

  7. Choose Save changes.

Set up an SNS topic with server-side encryption

You can use server-side encryption (SSE) to store sensitive data in encrypted topics. SSE protects the contents of messages in Amazon SNS topics using keys managed in AWS Key Management Service (AWS KMS). For more information about server-side encryption with Amazon SNS, see Encryption at rest in the Amazon Simple Notification Service Developer Guide.

To set up an SNS topic with server-side encryption, review the following topics:

When creating your KMS key, use the following KMS key policy:

{ 
  "Effect": "Allow", 
  "Principal": { 
    "Service": "gamelift.amazonaws.com" 
  },
  "Action": [
      "kms:Decrypt",
      "kms:GenerateDataKey"
  ],
  "Resource": "*",
  "Condition": {
      "ArnLike": { 
        "aws:SourceArn": "arn:aws:gamelift:your_region:your_account:matchmakingconfiguration/your_configuration_name" 
      },
      "StringEquals": { 
        "kms:EncryptionContext:aws:sns:topicArn": "arn:aws:sns:your_region:your_account:your_sns_topic_name" 
      }
  }
}

Configure a topic subscription to invoke a Lambda function

You can invoke a Lambda function using event notifications published to your Amazon SNS topic. When configuring the matchmaker, be sure to set the notification target to your SNS topic's ARN.

The following AWS CloudFormation template configures a subscription to an SNS topic named MyFlexMatchEventTopic to invoke a Lambda function named FlexMatchEventHandlerLambdaFunction. The template creates an IAM permissions policy that allows Amazon GameLift to write to the SNS topic. The template then adds permissions for the SNS topic to invoke the Lambda function.

FlexMatchEventTopic:
  Type: "AWS::SNS::Topic"
  Properties:
    KmsMasterKeyId: alias/aws/sns #Enables server-side encryption on the topic using an AWS managed key 
    Subscription:
      - Endpoint: !GetAtt FlexMatchEventHandlerLambdaFunction.Arn
        Protocol: lambda
    TopicName: MyFlexMatchEventTopic

FlexMatchEventTopicPolicy:
  Type: "AWS::SNS::TopicPolicy"
  DependsOn: FlexMatchEventTopic
  Properties:
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service: gamelift.amazonaws.com
          Action:
            - "sns:Publish"
          Resource: !Ref FlexMatchEventTopic
    Topics:
      - Ref: FlexMatchEventTopic

FlexMatchEventHandlerLambdaPermission:
  Type: "AWS::Lambda::Permission"
  Properties:
    Action: "lambda:InvokeFunction"
    FunctionName: !Ref FlexMatchEventHandlerLambdaFunction
    Principal: sns.amazonaws.com
    SourceArn: !Ref FlexMatchEventTopic