By using AWS re:Post, you agree to the Terms of Use

AWS Well-Architected Framework

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.

Recent questions

see all
1/18

AWS Game Lift Server: Best Solution for Generating and Rotating API Keys for AWS Server Authentication?

We are currently setting up some authentication systems for our UE4 game servers so that we are sure they are the only devices/users that are capable of accessing our internal API / LAMDBA functions. With that in mind, there is a desire to not hard code any COGNITO user ID's or tokens into the actual server-code itself. Instead, we would like to pursue having these tokens be generated and cycled through on AWS's side, to keep it decoupled. We are undecided whether these tokens should be for the life of the Gamelift server or for a set period of time—whichever is most feasible. This way, if we need to adjust access to certain features down the road, it will not require an update to the deployed Unreal Engine server build. Does AWS API or LAMDBA have any features out of the box to check if an API request is coming from within AWS, ideally from one of the active Gamelift instances? While we may still need to create a COGNITO identity for the servers, or just check the local IP of the running Gamelift servers, the ideal flow would look like: 1) UE4 game server on AWS asks for a token on Startup. 2) LAMDBA Authorization script checks to make sure it is valid and coming from within AWS/Gamelift 3) Once Validated, LAMDBA function provides a token to enable server to use in backend LAMDBA functions. 4) Before Gamelift Server shutdown, revoke access or add to a "black-listed" token Database to prevent second use before token expiration.
1
answers
0
votes
10
views
asked 21 hours ago

Popular users

see all
1/18