By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Gamelift>CreateBuild>Choose IAM Role: no IAM role is selectable

0

https://eu-central-1.console.aws.amazon.com/gamelift/builds/create Enter image description here

In the view: Gamelift>Create Build In the required field "IAM Role An IAM role that allows access to the S3 bucket above"

the dropdown does not have any options.

I have created different IAM roles but none of them appear in the dropdown.

Here's one IAM role example: Trust policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "Statement1", "Effect": "Allow", "Principal": { "Service": "gamelift.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }

Policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:", "s3-object-lambda:" ], "Resource": "<ARN OF THE S3 BUCEKT/OBJECTNAME.zip" } ] }

I've tried many different combinations of principals, resources, actions for all sorts of roles but none of them show up in the "choose role" dropdown in Create Build view.

I refered to these documents but could not create an IAM role that would show up in the Gamelift > Create Build view in the Console.

https://docs.aws.amazon.com/gamelift/latest/developerguide//security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-access-storage-loc https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.S3CreatePolicy.html

3 Answers
1
Accepted Answer

The problem was that my S3 URI was referring to a folder that contained the zip file but it had to refer to the zip file itself. Spent 4 hours today trying to figure out what's wrong. As soon as I accidentally doubleclicked on the Choose s3 bucket > doubleclicked > clicked on the zip file all the roles that I had created showed up as available options. Really really silly

answered 8 days ago
profile picture
EXPERT
reviewed 7 days ago
1

The issue you're experiencing with no IAM roles appearing in the dropdown when creating a build in Amazon GameLift is likely due to missing permissions or an incorrect setup. Here are some steps to troubleshoot and resolve this issue:

  1. Ensure you have the correct permissions to pass IAM roles to GameLift. Your IAM user or role should have the "iam:PassRole" permission. This allows you to pass roles to GameLift when creating builds.

  2. When creating the IAM role for GameLift, make sure to follow these steps:

    • Create a new role
    • Choose AWS service as the trusted entity
    • Select GameLift as the use case
    • Attach the necessary permissions policy (such as access to S3)
    • Review and create the role
  3. The trust policy for the role should look like this:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "gamelift.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
  4. For the permissions policy, you can use a more specific policy that grants only the necessary S3 actions:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:GetObjectVersion"
          ],
          "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
      ]
    }
  5. Make sure you're in the correct AWS region when creating the build and that the IAM role is in the same region.

  6. If you've recently created the role, there might be a slight delay before it appears in the dropdown. Try refreshing the page after a few minutes.

  7. Verify that your IAM user has permissions to list and retrieve IAM roles.

If you've followed these steps and are still unable to see any roles in the dropdown, you may need to contact AWS support for further assistance, as there could be an account-specific issue or a temporary service problem.
Sources
Set up an IAM service role for Amazon GameLift - Amazon GameLift
IAM permission examples for Amazon GameLift - Amazon GameLift
Create a build with files in Amazon S3 - Amazon GameLift

profile picture
answered 8 days ago
profile picture
EXPERT
reviewed 7 days ago
0

I am creating everything from a root user to exclude any chance of missing permissions from the current user. Everything else was already like that. I have been creating roles and waiting for them to show up for 4 hours now, they do not show up. I have refreshed page and logged in and out several times.

answered 8 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions