Listeners

Listeners are the entry points to your UDP Gateway system. Think of a Listener as a virtual UDP server that receives packets from clients on the internet and forwards them to your AWS resources for processing. Each Listener provides you with a domain name and port number that your clients can connect to.

How Listeners Work

When you create a Listener, Proxylity automatically assigns it:

• A domain name - One of Proxylity's ingress domains that your clients will connect to
• A port number - A free UDP port on that domain for your exclusive use
• Static anycast IP addresses - Multiple IP addresses for reliability and global distribution

Once created, your Listener is immediately ready to receive UDP traffic from anywhere on the internet. Packets sent to your Listener's domain and port are automatically forwarded to the Destinations you've configured.

Listeners and Destinations

Listeners are typically connected to one or more Destinations, which define where incoming packets should be delivered in your AWS account. While a Listener without destinations won't process packets, you might keep such Listeners to preserve their assigned port numbers or for staging purposes. Destinations can be AWS services like:

• Lambda functions - For processing packets and generating responses
• S3 buckets - For storing packet data
• DynamoDB tables - For structured packet storage
• Data Firehose streams - For high-volume data ingestion
• SQS queues - For asynchronous packet processing
• And more

You can add multiple Destinations to a single Listener, and you can change which Destinations are connected at any time without affecting your clients.

Client Restrictions

For security, each Listener includes Client Restrictions that control which IP addresses or networks are allowed to send packets to your Listener. This helps protect your AWS resources from unwanted traffic and potential abuse.

Client Restrictions can be configured to:

• Allow traffic from specific IP addresses or CIDR blocks
• Block traffic from certain regions or countries
• Apply rate limiting to prevent abuse

Managing Listeners

Listeners can be created and managed in two ways:

Infrastructure as Code (Recommended)

The preferred way to manage Listeners is through AWS CloudFormation using Proxylity's custom resource types. This approach provides:

• Version control and reproducible deployments
• Integration with your existing AWS infrastructure
• Automated provisioning and teardown
• Consistent configuration across environments

To get started with CloudFormation, see our Getting Started guide and explore the working examples in our examples repository.

Dashboard

For quick testing, prototyping, or one-off configurations, you can also manage Listeners through the Proxylity Dashboard. From the web interface you can:

• Create new Listeners
• View your Listener's domain name, port, and IP addresses
• Add or remove Destinations
• Configure Client Restrictions
• Monitor usage

Packet Sources

While Listeners are designed to receive inbound UDP traffic, sometimes your application needs to initiate UDP delivery to a client without waiting for an inbound packet. Packet Sources enable this by binding an SNS topic in your account to a Listener. Your application publishes to the SNS topic and Proxylity delivers the packets through the Listener's egress path — maintaining the same source IP and port that clients already know.

Packet Sources support both plain UDP Listeners and WireGuard Listeners, with WireGuard requiring a peer key for session selection and, when DecapsulatedDelivery is enabled, inner IP addressing for re-encapsulation. See Packet Sources for full details.

Important Considerations

When working with Listeners, keep these points in mind:

• Port numbers are not recoverable - When you delete a Listener, its port number may be immediately reused for another customer and cannot be recovered
• Global distribution - Your Listener's domain resolves to multiple IP addresses distributed globally for optimal performance
• Always-on - Listeners are ready to receive traffic 24/7 once created
• Flexible configuration - You can modify Destinations and Client Restrictions at any time