Hello,
I'm trying to figure out how to RDP to an EC2 instance of a GameLift fleet server (using SDK 5). I'm following this guide:
https://awscloudsecvirtualevent.com/workshops/module1/rdp/
But I seem to be struggling at the last stages where I need to use this command:
aws ssm start-session --target <instance-id> --document-name AWS-StartPortForwardingSession --parameters "localPortNumber=55678,portNumber=3389"
It's giving me this error:
An error occurred (AccessDeniedException) when calling the StartSession operation: User: arn:aws:sts::123456:assumed-role/FleetServiceEC2Access-DataPlaneRole-FRA/FleetsService-GetComputeAccess-1234-1234-1234-1234-1234 is not authorized to perform: ssm:StartSession on resource: arn:aws:ssm:eu-central-1::document/AWS-StartPortForwardingSession because no session policy allows the ssm:StartSession action
Any idea what kind of policy I need to add? (Already using the "AmazonSSMFullAccess" policy on the user)
Or is there a better way of getting RDP access to the GameLift server?
Fleet Manager is not showing my GameLift fleets. Do I need to set up something special for it?
P.S. Using a different account to answer as I was using a root user before which doesn't have a profile
Looks like you have to do it a different way. Have you followed these instructions? https://docs.aws.amazon.com/gamelift/latest/developerguide/fleets-remote-access.html
Yes, I did, but it seems that the documentation is deprecated because it's suggesting to use get-instance-access (https://docs.aws.amazon.com/cli/latest/reference/gamelift/get-instance-access.html), which in its documentation says to use GetComputeAccess if using SDK 5.x, or else get-instance-access gives you an error
And GetComputeAccess requires you to use the session manager
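An added example, not part of the thread or of any AWS tooling: a small parser for the AccessDeniedException text quoted in the question, which pulls out the calling principal and the policy layer the message blames. The function name, the layer descriptions and the second sample message are this example's own constructions.

```python
import re

# Phrases AWS uses in access-denied messages, mapped to where to look.
# The descriptions are this example's own wording.
DENY_LAYERS = {
    "session policy": "policy passed when the temporary credentials were issued",
    "identity-based policy": "policies attached to the calling user or role",
    "resource-based policy": "policy attached to the target resource",
    "permissions boundary": "boundary set on the calling user or role",
    "service control policy": "AWS Organizations SCP",
}

PATTERN = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: (?P<action>\S+)"
    r"(?: on resource: (?P<resource>\S+))?"
    r"(?: (?P<reason>because no .+? allows .+|with an explicit deny in .+))?$"
)

def parse_access_denied(message):
    """Return principal, action, resource and blamed policy layer, or None."""
    m = PATTERN.search(message.strip())
    if not m:
        return None
    info = m.groupdict()
    parts = info["principal"].split(":", 5)
    # An STS assumed-role ARN means the caller is a temporary session,
    # not the IAM user whose attached policies were edited.
    info["is_assumed_role"] = (
        len(parts) == 6 and parts[2] == "sts"
        and parts[5].startswith("assumed-role/")
    )
    info["role"] = parts[5].split("/")[1] if info["is_assumed_role"] else None
    reason = info["reason"] or ""
    info["layer"] = next((k for k in DENY_LAYERS if k in reason), None)
    info["where_to_look"] = DENY_LAYERS.get(info["layer"])
    return info

# Error text as quoted in the question above.
THREAD_ERROR = ("An error occurred (AccessDeniedException) when calling the StartSession operation: "
    "User: arn:aws:sts::123456:assumed-role/FleetServiceEC2Access-DataPlaneRole-FRA/"
    "FleetsService-GetComputeAccess-1234-1234-1234-1234-1234 is not authorized to perform: "
    "ssm:StartSession on resource: arn:aws:ssm:eu-central-1::document/AWS-StartPortForwardingSession "
    "because no session policy allows the ssm:StartSession action")

# Constructed sample for contrast: an IAM user denied by its own policies.
CONSTRUCTED_ERROR = ("User: arn:aws:iam::111122223333:user/example is not authorized to perform: "
    "ssm:StartSession on resource: arn:aws:ssm:eu-central-1::document/AWS-StartPortForwardingSession "
    "because no identity-based policy allows the ssm:StartSession action")
```

For the error in the question, the parser reports an assumed-role principal and the session policy as the blamed layer, so the denial comes from the scope of the temporary credentials rather than from the policies attached to an IAM user.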