I have been using Gamelift with a Unity build for my game logic for a while. I have also been using Lambda and DynamoDB together successfully for a while as well. I am now trying to save match results directly to a Dynamo table from instances on my Gamelift fleet and am getting very strange results. I use CloudFormation to deploy all my matchmaking configurations, Dynamo tables, and also the Lambda functions that the user game client connects to. Since my Gamelift servers are a trusted entity, I am trying to give my fleet full access to DynamoDB. My Gamelift server build is using AWSSDKDynamoDBv2 version 3.3.0.0.
I have created an IAM role that has a Policy and AssumeRolePolicyDocument that should give my fleet access to Dynamo. This appears to be attached to the fleet successfully and everything looks correct in the AWS console. I am able to read from the table and successfully get items from the table, but when I try to save items I get an error:
WebException: The remote server returned an error: (400) Bad Request.
and I see this in the stack trace (I blanked out the account info, excuse the asterisks):
Rethrow as AmazonDynamoDBException: User: arn:aws:sts::7**1:assumed-role/DevAppStack--AppInstanceRole-/i-************* is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-west-2:7**********1:table/ClosedBetaPlayerData because no identity-based policy allows the dynamodb:DescribeTable action
On the surface it looks like a role issue, but what is weird about this is that the account ID in the ARN is not the account ID of my AWS account. I have no idea what this account ID is and do not understand why my Gamelift server has the assumed-role of this unknown account ID. I have already spoken to someone with account support and verified that there is no connection between the ID I see here and my AWS account.
Has anyone else dealt with something similar to this? What am I missing? Thanks in advance for the help!
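As an added example (not the poster's own CloudFormation template), here is a fleet instance role scoped to one table rather than granting full DynamoDB access, with the trust policy a GameLift fleet needs and the DescribeTable permission the .NET SDK calls before reading or writing; the resource names, table name, build ID and launch path are assumptions.

```yaml
# Added example, not the poster's template: a fleet instance role scoped to one
# table. Resource names, table name, build ID and launch path are assumptions.
Resources:
  MatchResultsTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: MatchId
          AttributeType: S
      KeySchema:
        - AttributeName: MatchId
          KeyType: HASH
  FleetInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the GameLift service may assume this role for fleet instances.
      # In arn:aws:sts::<account>:assumed-role/<role>/<id>, <account> owns the role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: gamelift.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: MatchResultsTableAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege instead of full DynamoDB access: only the calls the
              # server makes, only on this table. DescribeTable is listed because the
              # .NET SDK's Table.LoadTable / DynamoDBContext issue it before GetItem/PutItem.
              - Effect: Allow
                Action:
                  - dynamodb:DescribeTable
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                Resource: !GetAtt MatchResultsTable.Arn
  GameFleet:
    Type: AWS::GameLift::Fleet
    Properties:
      Name: match-results-fleet
      BuildId: build-PLACEHOLDER          # an already-uploaded build (placeholder)
      EC2InstanceType: c5.large
      InstanceRoleArn: !GetAtt FleetInstanceRole.Arn   # ties the role to the fleet
      RuntimeConfiguration:
        ServerProcesses:
          - LaunchPath: /local/game/Server.x86_64     # assumed Linux build path
            ConcurrentExecutions: 1
```

Because the account in an assumed-role session ARN is the account that owns the role, a server process using this role shows this account's ID in the AccessDenied message; an ARN with a different account ID means the SDK picked up credentials for a role that lives in another account, not this one.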