# Set up FlexMatch event notifications Set up event notifications You can use event notifications to track the status of individual matchmaking requests. All games in production, or in pre-production with high-volume matchmaking activity should use event notifications. There are two options for setting up event notifications. + Have your matchmaker publish event notifications to an Amazon Simple Notification Service (Amazon SNS) topic. + Use automatically published Amazon EventBridge events and its suite of tools for managing events. For a list of the FlexMatch events that Amazon GameLift Servers emits, see [FlexMatch matchmaking events](match-events.md). **Important** For high-volume matchmaking systems, we recommend using standard (non-FIFO) Amazon SNS topics rather than FIFO topics. FIFO topics have lower publishing limits than standard topics, which can lead to throttling exceptions during high load. If you experience throttling with FIFO topics, you may lose FlexMatch notifications. **Note** Amazon GameLift Servers automatically handles Amazon SNS delivery failures and throttling with built-in retry logic. When Amazon SNS returns throttling errors or temporary failures, Amazon GameLift Servers retries the notification delivery with progressive delays between attempts. This helps ensure event notifications are delivered reliably. However, notifications may be lost if failures persist after all retry attempts, or for non-retryable errors such as authorization failures or missing topics. **Topics** + [ ## Set up EventBridge events ](#match-notification-cwe) + [ # Tutorial: Set up an Amazon SNS topic ](match-notification-sns.md) + [ # Set up an SNS topic with server-side encryption ](queue-notification-sns-sse.md) + [ # Configure a topic subscription to invoke a Lambda function ](match-notification-lambda.md) ## Set up EventBridge events Amazon GameLift Servers automatically posts all matchmaking events to Amazon EventBridge. With EventBridge, you can set up rules to have matchmaking events routed to targets for processing. For example, you can set a rule to route the event "PotentialMatchCreated" to an AWS Lambda function that handles player acceptances. For more information, see [What is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) **Note** When you configure your matchmakers, keep the notification target field empty or reference an SNS topic if you want to use both EventBridge and Amazon SNS. # Tutorial: Set up an Amazon SNS topic You can have Amazon GameLift Servers publish all events that a FlexMatch matchmaker generates to an Amazon SNS topic. **To create an SNS topic for Amazon GameLift Servers event notifications** 1. Open the [Amazon SNS console](https://console.aws.amazon.com/sns). 1. In the navigation pane, choose **Topics**. 1. On the **Topics** page, choose **Create topic**. 1. Create a topic in the console. For more information, see [To create a topic using the AWS Management Console](https://docs.aws.amazon.com/sns/latest/dg/sns-create-topic.html#create-topic-aws-console) in the *Amazon Simple Notification Service Developer Guide*. 1. On the **Details** page for your topic, choose **Edit**. 1. (Optional) On the **Edit** page for your topic, expand **Access policy**, then add the bold syntax from the following AWS Identity and Access Management (IAM) policy statement to the end of your existing policy. (The entire policy is shown here for clarity.) Be sure to use the Amazon Resource Name (ARN) details for your own SNS topic and Amazon GameLift Servers matchmaking configuration. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Id": "__default_policy_ID", "Statement": [ { "Sid": "__default_statement_ID", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": [ "SNS:GetTopicAttributes", "SNS:SetTopicAttributes", "SNS:AddPermission", "SNS:RemovePermission", "SNS:DeleteTopic", "SNS:Subscribe", "SNS:ListSubscriptionsByTopic", "SNS:Publish" ], "Resource": "arn:aws:sns:us-east-1:111122223333:your_topic_name", "Condition": { "StringEquals": { "AWS:SourceAccount": "111122223333" } } }, { "Sid": "__console_pub_0", "Effect": "Allow", "Principal": { "Service": "gamelift.amazonaws.com" }, "Action": "SNS:Publish", "Resource": "arn:aws:sns:us-east-1:111122223333:your_topic_name", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:gamelift:us-east-1:111122223333:matchmakingconfiguration/your_configuration_name" } } } ] } ``` ------ 1. Choose **Save changes**. # Set up an SNS topic with server-side encryption You can use server-side encryption (SSE) to store sensitive data in encrypted topics. SSE protects the contents of messages in Amazon SNS topics using keys managed in AWS Key Management Service (AWS KMS). For more information about server-side encryption with Amazon SNS, see [Encryption at rest](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html) in the *Amazon Simple Notification Service Developer Guide*. To set up an SNS topic with server-side encryption, review the following topics: + [Creating key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide* + [Enabling SSE for a topic](https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption-for-topic.html) in the *Amazon Simple Notification Service Developer Guide* When creating your KMS key, use the following KMS key policy: ``` { "Effect": "Allow", "Principal": { "Service": "gamelift.amazonaws.com" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:gamelift:your_region:your_account:matchmakingconfiguration/your_configuration_name" }, "StringEquals": { "kms:EncryptionContext:aws:sns:topicArn": "arn:aws:sns:your_region:your_account:your_sns_topic_name" } } } ``` # Configure a topic subscription to invoke a Lambda function You can invoke a Lambda function using event notifications published to your Amazon SNS topic. When configuring the matchmaker, be sure to set the notification target to your SNS topic's ARN. The following AWS CloudFormation template configures a subscription to an SNS topic named `MyFlexMatchEventTopic` to invoke a Lambda function named `FlexMatchEventHandlerLambdaFunction`. The template creates an IAM permissions policy that allows Amazon GameLift Servers to write to the SNS topic. The template then adds permissions for the SNS topic to invoke the Lambda function. ``` FlexMatchEventTopic: Type: "AWS::SNS::Topic" Properties: KmsMasterKeyId: alias/aws/sns #Enables server-side encryption on the topic using an AWS managed key Subscription: - Endpoint: !GetAtt FlexMatchEventHandlerLambdaFunction.Arn Protocol: lambda TopicName: MyFlexMatchEventTopic FlexMatchEventTopicPolicy: Type: "AWS::SNS::TopicPolicy" DependsOn: FlexMatchEventTopic Properties: PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: gamelift.amazonaws.com Action: - "sns:Publish" Resource: !Ref FlexMatchEventTopic Topics: - Ref: FlexMatchEventTopic FlexMatchEventHandlerLambdaPermission: Type: "AWS::Lambda::Permission" Properties: Action: "lambda:InvokeFunction" FunctionName: !Ref FlexMatchEventHandlerLambdaFunction Principal: sns.amazonaws.com SourceArn: !Ref FlexMatchEventTopic ```