E. Adjust the Execution Role

Next, we need to make sure that your application is using an IAM Role with the proper permissions to execute your WebSocket API when launching a synchronous start game.

Adjust the WebSocket IAM Role for API Execution

  1. Navigate to the AWS IAM Dashboard.
  2. Click Roles on the lefthand side of the window.
  3. Search for <YourEnvironmentName>WebSocketSynchronizeStartFn_Role and click on it.
  4. Select Add inline policy.
  5. Select JSON. Copy and paste the JSON below: (Note the placeholder for the WebSocket ARN)
{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "execute-api:Invoke",
            "execute-api:ManageConnections"
        ],
        "Resource": "<Your-WebSocket-ARN>"
    }
]
}
  1. To complete the above step, you’ll need to know the WebSocket ARN to paste into ‘Resource’. In a separate tab, navigate to the Amazon API Gateway Console.

  2. Select the WebSocket you just created.

  3. Click on the $connect route.

  4. Copy the ARN underneath the Route Request up until $connect (including the “/*").

    • The ARN should take the form: arn:aws:execute-api:{region}:{account ID}:{API ID}/*
  5. Navigate back to your IAM Dashboard and paste in the websocket ARN.

  6. Click Review Policy.

  7. For name enter, Invoke-Api-Policy.

  8. Select Create Policy.

Stuck? Click here for a Fast Fix