Investigating AWS Push Notifications for Unity3d from Parse Users: Dependencies and Pitfalls

Like a lot of Unity development studios that use Parse, we’ve been researching ways to migrate away from it, since Facebook unceremoniously closed it. Plus, it’s fun to play with these new solutions and see how they do things differently.

This post covers some pitfalls that we found weren’t really documented online. So this isn’t a full walkthrough, but it dives into all the dependencies.

Cool thing about SNS: It’s not platform-specific at all. It is clearly built for you to push to an array of devices. Which is going to eventually save you a lot of time if you build cross-platform like us.

The Unity developer guide is HERE, and it’s not super detailed on push.

The interesting thing (and different from Parse) is that SNS uses endpoints. So whatever device you’re on, if you allow notifications (like on iOS when it says “let X app do push notifications?”), then behind the scenes, you allow it to create an endpoint. Essentially, it’s a platform-agnostic permission, and it’s pretty clear that they thought this through from a modern, multi-platform standpoint. If you're used to Parse, you're probably used to using installation device tokens to do push notifications. AWS is basically abstracting it out a step from that, so it works the same on their console regardless of device.

Dependencies and Identities

The thing we found out that the Unity guide doesn’t really delve into is how to send a non-sandbox (dev key) push.

The Unity guide tells you how to set up the development/sandbox mode, but not the production mode. If you do that, Xcode will error out and tell you that you need an Identity Pool ID. These are managed on AWS by Cognito (their mobile identity management tool). And here is where it becomes one of those multiple-dependency situations.

In Cognito, you create the identity pool and allow it to use Unauthenticated identities (checkbox). If you do that, you can use this Identity Pool with Unity push.

However, you aren't there yet, and this was the hard part to find online. That pool uses Roles.

Even though you were initially manipulating the Identity Pools in Cognito with Roles, the IAM Roles aren’t editable there (even though it seems like that would make sense).

So you need to find the IAM console in AWS. That looks like this.


Inside that console, you need to find the role and the Edit Policy field, below.

Once you find that Edit button, you’ll see a small file you can edit.

You need to add sns:CreatePlatformEndpoint. Once you add that, you can push to this role. Double check to make sure this one is the same Role that’s plugged in to your Identity pool.
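Because the pool allows unauthenticated identities, any client holding the Identity Pool ID can obtain credentials for this role, so the policy should grant sns:CreatePlatformEndpoint and nothing broader. The following check is an added example, not code from the AWS guide or sample project; the account ID, region and app name in the sample ARN are placeholders, and both policy documents are constructed.

```python
import json
from fnmatch import fnmatchcase

REQUIRED = "sns:createplatformendpoint"  # IAM action names are case-insensitive

# Constructed sample policies; account ID, region and app name are placeholders.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["sns:CreatePlatformEndpoint"],
    "Resource": "arn:aws:sns:us-east-1:123456789012:app/APNS/ExampleApp"
  }]
}""")
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sns:*", "Resource": "*"}]
}""")

def as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_role_policy(policy):
    """Return (grants_required_action, findings) for one policy document."""
    grants, findings = False, []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Only actions that can touch SNS matter for this check.
        sns_actions = [a for a in as_list(stmt.get("Action", []))
                       if a == "*" or a.lower().startswith("sns:")]
        if not sns_actions:
            continue
        for action in sns_actions:
            if fnmatchcase(REQUIRED, action.lower()):
                grants = True
            if "*" in action or "?" in action:
                findings.append(f"wildcard action {action!r}")
            elif action.lower() != REQUIRED:
                findings.append(f"additional SNS action {action!r}")
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append("Resource '*' instead of one platform application ARN")
    return grants, findings

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_role_policy(doc))
```

Paste the JSON from the role's Edit Policy view in place of the samples to check the role that is actually attached to your Identity Pool.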


So in summary, here’s the basic chain of dependencies:

  • Apple Push Certificate plugged into AWS.
  • AWS ARN code.
  • Identity Pool on AWS Cognito.
  • Role that’s in your Pool must have permission to push.
  • Device allows notification and thus creates an Endpoint at runtime.

If you look at the AWS example project, here is where you plug things in:



If all that is linked together, you can Publish a push to any legit endpoint that you have in your SNS console.