Hello.
IAM settings are slightly different if you are using GameLift SDKv5.
As described in the document below, in order to output logs from GameLift fleet to CloudWatch Logs with CloudWatch Agent, you need to configure something called "shared credentials".
I think the GameLift fleet is failing to assume the appropriate IAM role, resulting in a failure to connect via Session Manager.
https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html#gamelift-sdk-server-resources-roles
For non-server applications that are deployed with game server builds using server SDK 5.x, add code to get and use credentials stored in a shared file. Amazon GameLift generates a credentials profile for each fleet instance. The credentials are available for use by all applications on the instance. Amazon GameLift continually refreshes the temporary credentials.
You must configure a fleet to generate the shared credentials file on fleet creation.
In each application that needs to use the shared credentials file, specify the file location and profile name, as follows:
Windows:
[credentials]
shared_credential_profile= "FleetRoleCredentials"
shared_credential_file= "C:\Credentials\credentials"
Linux:
[credentials]
shared_credential_profile= "FleetRoleCredentials"
shared_credential_file= "/local/credentials/credentials"
Example: Set up a CloudWatch agent to collect metrics for Amazon GameLift fleet instances
If you want to use an Amazon CloudWatch agent to collect metrics, logs, and traces from your Amazon GameLift fleets, use this method to authorize the agent to emit the data to your account. In this scenario, take the following steps:
- Retrieve or write the CloudWatch agent config.json file.
- Update the common-config.toml file for the agent to identify the credentials file name and profile name, as described above.
- Set up your game server build install script to install and start the CloudWatch agent.
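A preflight for the Linux install script that ties the steps above together, as an added example (not code from the AWS documentation or from this answer): it confirms the shared credentials file really contains the `FleetRoleCredentials` profile before writing the agent's `common-config.toml`. The standard AWS credentials-file key names and the default `AGENT_CONF` path are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example for a Linux fleet install script (not AWS-provided code).
# CRED_FILE and CRED_PROFILE are the Linux values quoted above; AGENT_CONF is
# an assumed default location for the CloudWatch agent's common-config.toml.
CRED_FILE="${CRED_FILE:-/local/credentials/credentials}"
CRED_PROFILE="${CRED_PROFILE:-FleetRoleCredentials}"
AGENT_CONF="${AGENT_CONF:-/opt/aws/amazon-cloudwatch-agent/etc/common-config.toml}"

# profile_has_keys FILE PROFILE
# Succeeds only if [PROFILE] exists in FILE and carries all three
# temporary-credential keys (assumed standard AWS shared-credentials format).
# Only key names are inspected; secret values are never printed.
profile_has_keys() {
    [ -r "$1" ] || return 1
    awk -v want="[$2]" '
        /^[ \t]*\[/ {
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            in_p = ($0 == want); next
        }
        in_p && /^[ \t]*aws_access_key_id[ \t]*=[ \t]*[^ \t\r]/     { id = 1 }
        in_p && /^[ \t]*aws_secret_access_key[ \t]*=[ \t]*[^ \t\r]/ { sk = 1 }
        in_p && /^[ \t]*aws_session_token[ \t]*=[ \t]*[^ \t\r]/     { tk = 1 }
        END { exit !(id && sk && tk) }
    ' "$1"
}

# write_common_config
# Points the agent at the shared file, but refuses to write a config that
# references a missing or incomplete profile, so the failure shows up in the
# install log instead of as silently absent CloudWatch data.
write_common_config() {
    if ! profile_has_keys "$CRED_FILE" "$CRED_PROFILE"; then
        echo "profile '$CRED_PROFILE' not usable in $CRED_FILE;" \
             "was the fleet created with shared credentials enabled?" >&2
        return 1
    fi
    cat > "$AGENT_CONF" <<EOF
[credentials]
shared_credential_profile = "$CRED_PROFILE"
shared_credential_file = "$CRED_FILE"
EOF
}

# In install.sh, before starting the agent:
#   write_common_config || exit 1
```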
I understand your frustration with trying to access logs for your GameLift fleet instances. The situation you're describing highlights some of the unique challenges when working with GameLift compared to standard EC2 instances. Let me address your concerns and provide some potential solutions:
- Regarding logs not appearing in S3: This could be due to incorrect permissions or configuration. Double-check that your GameLift fleet role has the necessary permissions to write to the S3 bucket, and that the S3 logging is correctly set up in your fleet configuration.
- For CloudWatch logs not appearing: Ensure that the IAM role attached to your GameLift fleet has the required permissions for CloudWatch. Also, verify that the CloudWatch agent configuration is correctly set up for GameLift instances, as there might be slight differences compared to standard EC2 instances.
- The "Target not connected" error with Session Manager could be due to several reasons specific to GameLift:
  - Ensure that your IAM user or role has the necessary permissions to use Systems Manager with GameLift instances.
  - Verify that the VPC where your GameLift fleet is deployed has the required VPC endpoints for Systems Manager.
  - Check if the security group associated with your GameLift instances allows the necessary inbound traffic for Systems Manager.
As an alternative approach, you might want to consider using the GameLift API, specifically the GetInstanceAccess operation. This can provide you with credentials to connect to a specific instance in your fleet. You could then use these credentials to establish an SSH connection and access your logs directly.
Another option is to use GameLift's built-in log routing feature to send your game server logs to CloudWatch Logs automatically. This can be set up when you create or update your fleet, and it doesn't require additional configuration on the instances themselves.
If you're still unable to access your logs, you may want to contact AWS Support for GameLift-specific troubleshooting, as they can provide more tailored assistance for your particular setup.
Remember, while GameLift uses EC2 instances under the hood, the management and access patterns are different, which is why standard EC2 troubleshooting guides may not always apply directly.
Sources
DescribeInstances - Amazon GameLift
Steps to connect GameLift fleets and user-managed VPCs with VPC peering | AWS re:Post