GameLift Managed Containers and Certificates

0

I want to use Managed Containers with GameLift, but I have a requirement to apply TLS to the endpoints. I'm struggling to find documentation about whether Managed Container fleets support TLS certificates, and if so how to find them. I've tried calling Aws::GameLift::Server::GetComputeCertificate() but I just get a Bad Request Exception. CloudFormation doesn't appear to have any explicit settings to enable it like other managed fleets do.

I will try adding more logging to the SDK to see if I can learn anything more, but I thought I'd ask in case anyone has already resolved this?

1 Answer
0

Hello Adam, thank you for reaching out on your question about using TLS certificates with Amazon GameLift Managed Containers. I understand you're facing challenges in finding documentation and implementing TLS for your Managed Container fleet endpoints. Let me address your concerns and provide some guidance.

(NOTE: Remember to always follow AWS security best practices, especially when dealing with certificates and sensitive information. If you implement any workarounds, ensure they meet your security requirements and consider them temporary solutions while seeking a more standard approach.)

Currently, there is limited documentation specifically addressing TLS certificate support for GameLift Managed Container fleets. This explains the difficulty you've encountered in finding clear information. However, I can provide some insights and suggestions:

TLS Support: While Managed EC2 fleets have explicit TLS certificate configuration options, Managed Container fleets handle this differently. The lack of explicit CloudFormation settings for TLS in Managed Container fleets doesn't necessarily mean it's unsupported.

SDK Issues: The Bad Request Exception you're receiving when calling Aws::GameLift::Server::GetComputeCertificate() could be due to various reasons, including potential differences in how certificates are handled in container environments.

Logging: Your approach to add more logging to the SDK is a good troubleshooting step. This can help you gather more information about what's happening when you try to access the certificate.

Alternative Approaches:

  1. Check for certificate files: In Managed EC2 fleets, certificate files are typically stored in specific locations. For containers, you might want to check if similar files exist in your container environment.
  2. Environment variables: Look for any environment variables that might contain certificate information or paths.
  3. AWS Systems Manager Parameter Store: Consider checking if certificate information is stored here, as it's a common practice for managing secrets in containerized environments.

Workaround: If TLS at the GameLift level proves challenging, you might consider implementing TLS at the application level within your game servers. This would require more work on your end but could provide a temporary solution.

To verify if you've resolved the issue:

  1. Successfully retrieve and load the TLS certificate in your application.
  2. Establish a secure connection using this certificate.
  3. Verify the connection is encrypted using appropriate tools or logging.

If you continue to face issues, I would recommend reaching out to AWS Support. They can provide specific guidance tailored to your setup and potentially escalate any underlying issues if TLS support is indeed limited for Managed Container fleets.

Additional Resources:

CertificateConfiguration - Amazon GameLift

AWS::GameLift::Fleet CertificateConfiguration - AWS CloudFormation

Amazon GameLift server SDK 5.x for C++ -- Data types - Amazon GameLift

Hopefully this helps provide some direction on your question.

Best wishes and thank you for using AWS!

Brian

AWS
answered a month ago
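Alternative approaches 1 and 2 in the answer above (look for certificate files, look at environment variables) can be run inside the container as a single pass. The following is an added example, not part of the original answer or of the GameLift SDK; it assumes nothing about where GameLift places certificates, so the directories to walk are given on the command line, and it also flags any private key that is readable by group or others.

```python
import os
import re
import stat
import sys

# PEM armor headers, e.g. "-----BEGIN CERTIFICATE-----" or "-----BEGIN RSA PRIVATE KEY-----".
PEM_HEADER = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def classify_pem(path):
    """Return the sorted PEM block labels found in a file ([] if none or unreadable)."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(1 << 20)  # cap the read at 1 MiB; PEM files are small
    except OSError:
        return []
    return sorted({m.decode() for m in PEM_HEADER.findall(data)})

def candidate_paths(env, roots):
    """Yield files named by environment variable values, then files under each root."""
    seen = set()
    for value in env.values():
        for part in value.split(os.pathsep):
            if os.path.isfile(part) and part not in seen:
                seen.add(part)
                yield part
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                if full not in seen:
                    seen.add(full)
                    yield full

def find_tls_material(env, roots):
    """Map path -> {"labels": [...], "key_exposed": bool} for every PEM file found."""
    found = {}
    for path in candidate_paths(env, roots):
        labels = classify_pem(path)
        if not labels:
            continue
        is_key = any(label.endswith("PRIVATE KEY") for label in labels)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # A private key readable by group or others is a finding in its own right.
        found[path] = {"labels": labels, "key_exposed": is_key and bool(mode & 0o077)}
    return found

if __name__ == "__main__":
    # Directories to walk are arguments; no GameLift-specific path is assumed.
    for path, info in find_tls_material(dict(os.environ), sys.argv[1:]).items():
        print(path, info)
```

An empty result means no PEM material is visible to the process in the places searched, which is worth including in a support case alongside the SDK logs.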
