
Security best practices for Amazon GameLift

If you're using Amazon GameLift FleetIQ as a standalone feature with Amazon EC2, see Security in Amazon EC2 in the Amazon EC2 User Guide.

Amazon GameLift provides a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don't represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions.

Don't open ports to the Internet

We strongly recommend against opening ports to the Internet because doing so poses a security risk. For example, if you use UpdateFleetPortSettings to open a remote desktop port like this:

{
    "FleetId": "<fleet identifier>",
    "InboundPermissionAuthorizations": [
        {
            "FromPort": 3389,
            "IpRange": "0.0.0.0/0",
            "Protocol": "TCP",
            "ToPort": 3389
        }
    ]
}

then you are allowing anyone on the Internet to access the instance.

Instead, open the port only to a specific IP address or range of addresses. For example:

{
    "FleetId": "<fleet identifier>",
    "InboundPermissionAuthorizations": [
        {
            "FromPort": 3389,
            "IpRange": "54.186.139.221/32",
            "Protocol": "TCP",
            "ToPort": 3389
        }
    ]
}
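To check existing fleets against this recommendation, the following added example (not part of the original page or any AWS tooling) audits a list of inbound permissions with the same fields as the requests above, such as the InboundPermissions list that DescribeFleetPortSettings returns. The function name, the severity labels, the /24 threshold, the inclusion of port 22, and the sample rules other than the page's two are assumptions made for illustration.

```python
import ipaddress

# 3389 (RDP) is the page's example; 22 (SSH) is added here as an assumption.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
MIN_PREFIX = 24  # assumed policy: IPv4 ranges wider than /24 count as broad


def audit_permissions(fleet_id, permissions):
    """Return findings for inbound permissions that are open too widely."""
    findings = []
    for perm in permissions:
        try:
            net = ipaddress.ip_network(perm["IpRange"], strict=False)
            lo, hi = int(perm["FromPort"]), int(perm["ToPort"])
        except (KeyError, TypeError, ValueError) as exc:
            findings.append({"fleet": fleet_id, "severity": "ERROR",
                             "reason": f"unparseable entry: {exc}", "entry": perm})
            continue
        admin = sorted(n for p, n in ADMIN_PORTS.items() if lo <= p <= hi)
        if net.prefixlen == 0:
            severity = "CRITICAL" if admin else "HIGH"
            reason = "open to the entire Internet"
        elif net.prefixlen < MIN_PREFIX:
            severity = "HIGH" if admin else "MEDIUM"
            reason = f"broad range of {net.num_addresses} addresses"
        else:
            continue  # narrow range, as the page recommends
        if admin:
            reason += "; exposes " + "/".join(admin)
        findings.append({"fleet": fleet_id, "severity": severity,
                         "reason": reason, "entry": perm})
    return findings


# Constructed sample: the page's two rules plus two invented ones.
SAMPLE = [
    {"FromPort": 3389, "ToPort": 3389, "IpRange": "0.0.0.0/0", "Protocol": "TCP"},
    {"FromPort": 3389, "ToPort": 3389, "IpRange": "54.186.139.221/32", "Protocol": "TCP"},
    {"FromPort": 7000, "ToPort": 7100, "IpRange": "0.0.0.0/0", "Protocol": "UDP"},
    {"FromPort": 22, "ToPort": 22, "IpRange": "198.51.0.0/16", "Protocol": "TCP"},
]

if __name__ == "__main__":
    for f in audit_permissions("<fleet identifier>", SAMPLE):
        print(f["severity"], f["entry"]["IpRange"], f["reason"])
```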

Learn more

For more information about how you can make your use of Amazon GameLift more secure, see the Amazon Well-Architected Tool Security pillar.