Communicate with other Amazon resources from your fleets - Amazon GameLift
Access Amazon resources using an IAM roleAccess Amazon resources with VPC peering
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Communicate with other Amazon resources from your fleets

This topic describes how to set up your game server software to communicate directly and securely with other Amazon resources. You can use this connection to do tasks such as the following:

  • Send instance log data to Amazon CloudWatch Logs.

  • Capture Amazon CloudWatch metrics for better visibility into instance performance.

  • Obtain sensitive information (such as passwords) stored remotely in an Amazon Simple Storage Service (Amazon S3) bucket.

  • Read and write game data (such as game modes or inventory) stored in an Amazon DynamoDB database or other data storage service.

  • Send signals directly to an instance using Amazon Simple Queue Service (Amazon SQS).

  • Access custom resources that are deployed and running on Amazon Elastic Compute Cloud (Amazon EC2).

For your hosted software to interact with Amazon resources that you own, you can give limited access permissions to Amazon GameLift. To establish this access, use either of the following methods:

Access Amazon resources using an IAM role

For your game server or other applications to access your Amazon resources, complete the following steps.

To set up access

  1. Set up an IAM service role for Amazon GameLift. For instructions about how to set up the Amazon Identity and Access Management (IAM) service role for Amazon GameLift, see Set up an IAM service role for Amazon GameLift. After you create the role, copy the role's Amazon Resource Name (ARN). You use the ARN during fleet creation.

  2. Associate the service role with a Amazon GameLift fleet. During fleet creation, provide the service role ARN to the fleet. Applications that run on any instance in the fleet can then assume the role and acquire the necessary credentials for access. For instructions about how to create a fleet, see Create a Amazon GameLift managed fleet.

  3. Add code to your game server to assume the service role. Any game server running on a Amazon GameLift instance can assume the associated IAM service role. This includes game servers and other executables, such as install scripts and daemons. For more information about adding code to assume a role, see GetFleetRoleCredentials().

    In the application code, before accessing an Amazon resource, the application must first assume the service role. To assume the role, the application must call the Amazon Security Token Service (Amazon STS) AssumeRole API operation and specify the service role ARN. This operation returns a set of temporary credentials that provide the application with access to the Amazon resource. For more information, see Using temporary credentials with Amazon resources in the IAM User Guide.

Access Amazon resources with VPC peering

You can use Amazon Virtual Private Cloud (Amazon VPC) peering to communicate between applications running on a Amazon GameLift instance and another Amazon resource. A VPC is a virtual private network that you define that includes a set of resources managed through your Amazon Web Services account. Each Amazon GameLift fleet has its own VPC. With VPC peering, you can establish a direct network connection between the VPC for your fleet and for your other Amazon resources.

Amazon GameLift streamlines the process of setting up VPC peering connections for your game servers. It handles peering requests, updates route tables, and configures the connections as required. For instructions about how to set up VPC peering for your game servers, see VPC peering for Amazon GameLift.