Amazon GameLift supports shared credentials for hosted game servers with server SDK 5.x

2 minute read

Content level: Foundational

The new Amazon GameLift shared credentials feature allows applications that are deployed on GameLift managed EC2 fleets to interact with other AWS resources.

We are excited to announce the new Amazon GameLift shared credentials feature that allows applications that are deployed on GameLift managed EC2 fleets to interact with other AWS resources. This update enables applications that you bundle and deploy along with game server binaries integrated with server SDK version 5.x or later.

The game server build that you deploy to managed EC2 instances with Amazon GameLift can include multiple applications, including game server executables and auxiliary ones such as the Amazon CloudWatch agent. If any of these applications needs to access any other AWS services that you own or have access to, it needs explicit permission. You define those permissions by creating an IAM role and specifying who can use it. When you create a fleet, you include the role using the parameter InstanceRoleArn. Then in any application deployed to the fleet, use one of the following methods get temporary access credentials as defined in the role:

For game server builds with server SDK 5.x:
- For your game server executable, which is built with the server SDK, call GetFleetRoleCredentials to retrieve credentials.
- For auxiliary applications, enabled shared credentials for the fleet and in the application add code to retrieve credentials from the shared file.
For game server builds with server SDK 4.x or earlier: With all applications, add code to use the AWS Security Token Service (AWS STS) API AssumeRole to retrieve credentials.

If you want to deploy your game server build with an Amazon CloudWatch agent to collect EC2 instance metrics and other data, the agent needs permission to interact with your CloudWatch resources. To do this, you first set up an AWS Identity and Access Management (IAM) role with permissions to use the CloudWatch resources, and then configure a fleet with the IAM role and shared credentials enabled. When Amazon GameLift deploys your game server build to each EC2 instance, it generates a shared credentials file and stores it on the instance. All applications on the instance can use the shared credentials. Amazon GameLift automatically refreshes the temporary credentials throughout the life of the instance.

To learn more, check out the Release Notes.

Thanks, Sachin Gupta, PM, Amazon GameLift

Topics

Game Tech Compute

Relevant content

Amazon GameLift releases a new version of the server SDKs and game engine plugins
EXPERT
Sachin
published 2 months ago
Amazon GameLift launches support for Windows Server 2016
EXPERT
Sachin
published a year ago
[Announcement] Amazon GameLift expands SDK support for Unity based game developers.
EXPERT
Sachin
published 9 months ago
Amazon Gamelift: How to tell what VPC the servers are running in - Verifying Servers' access to backend services
rePost-User-1475035
asked 2 years ago
Amazon GameLift Server SDK Update, v4.0.2
rePost-User-4271304
asked 3 years ago
GameLift Hosting for existing game
rePost-User-6659457
asked 3 years ago
How do I configure Amazon RDS Oracle DB instances to work with shared servers?
AWS OFFICIALUpdated 4 years ago
What are the factors that influence downtime for Amazon Aurora DB clusters?
AWS OFFICIALUpdated a year ago
What are best practices to secure my Linux server that's running on Lightsail?
AWS OFFICIALUpdated 3 months ago
How can I connect my file gateway's NFS file share to my Windows Server?
AWS OFFICIALUpdated 2 years ago