How to make server endpoints private for my gamelift servers?



I have API endpoints for writing the score of players after each game from the server. So my worry is, how can I make sure only the server is authorized to invoke the api? Is a resource policy is enough for securing the endpoint with access only for the gamelift fleet or can do a vpc pering with a vpc link> When creating vpc link for restAPI, I came to know that a load balancer is needed. But I dont have any servers to add to a target group that will be added to the NLB as my servers are gamelift managed fleet and only those servers needs to have access on the sensitive endpoints i mentioned. Any thought on bestoractices would be helpful.


1 Answer


You can create a new IAM role that all instances in the fleet will assume to access your API Gateway (AWS Console: Create Fleet | Define fleet details | Additional details | Instance role). See Communicate with other AWS resources from your fleets for more details.

While creating the role you can define a policy that will allow fleet instances to communicate with the API Gateway instance. Additionally you can configure API Gateway endpoints to enforce IAM based authorization for the clients, thus all client requests to the API endpoints will have to be digitally signed with the SigV4 signature. See Control access for invoking an API and How Amazon API Gateway works with IAM for more details.


answered a month ago
  • Hi, Thanks for the reply. I am wondering if doing a VPC peering with a VPC link is needed? Or just a resource policy can make it secure?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions