Amazon GameLift supports shared credentials for hosted game servers with server SDK 5.x
2 minute read
The new Amazon GameLift shared credentials feature allows applications that are deployed on GameLift managed EC2 fleets to interact with other AWS resources.
We are excited to announce the new Amazon GameLift shared credentials feature that allows applications that are deployed on GameLift managed EC2 fleets to interact with other AWS resources. This update enables applications that you bundle and deploy along with game server binaries integrated with server SDK version 5.x or later.
The game server build that you deploy to managed EC2 instances with Amazon GameLift can include multiple applications, including game server executables and auxiliary ones such as the Amazon CloudWatch agent. If any of these applications needs to access any other AWS services that you own or have access to, it needs explicit permission. You define those permissions by creating an IAM role and specifying who can use it. When you create a fleet, you include the role using the parameter InstanceRoleArn. Then in any application deployed to the fleet, use one of the following methods get temporary access credentials as defined in the role:
For game server builds with server SDK 5.x:
For your game server executable, which is built with the server SDK, call GetFleetRoleCredentials to retrieve credentials.
For auxiliary applications, enabled shared credentials for the fleet and in the application add code to retrieve credentials from the shared file.
For game server builds with server SDK 4.x or earlier: With all applications, add code to use the AWS Security Token Service (AWS STS) API AssumeRole to retrieve credentials.
If you want to deploy your game server build with an Amazon CloudWatch agent to collect EC2 instance metrics and other data, the agent needs permission to interact with your CloudWatch resources. To do this, you first set up an AWS Identity and Access Management (IAM) role with permissions to use the CloudWatch resources, and then configure a fleet with the IAM role and shared credentials enabled. When Amazon GameLift deploys your game server build to each EC2 instance, it generates a shared credentials file and stores it on the instance. All applications on the instance can use the shared credentials. Amazon GameLift automatically refreshes the temporary credentials throughout the life of the instance.