Set up an Amazon Web Services account

Sign up for an Amazon Web Services account Secure IAM users Manage user permissions for Amazon GameLift Set up programmatic access for users Set up programmatic access for your game

To start using Amazon GameLift, create and set up your Amazon Web Services account. There's no charge to create an Amazon Web Services account. This section walks you through creating your account, setting up your users, and configuring permissions.

Topics

Sign up for an Amazon Web Services account
Secure IAM users
Manage user permissions for Amazon GameLift
Set up programmatic access for users
Set up programmatic access for your game
IAM permission examples for Amazon GameLift
Set up an IAM service role for Amazon GameLift

If you do not have an Amazon Web Services account, use the following procedure to create one.

To sign up for Amazon Web Services

Open http://www.amazonaws.cn/ and choose Sign Up.
Follow the on-screen instructions.

Amazon sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to http://www.amazonaws.cn/ and choosing My Account.

Secure IAM users

After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.

To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.

For more information about creating and securing IAM users, see the following topics in the IAM User Guide:

Manage user permissions for Amazon GameLift

Create additional users or extend access permissions to existing users as needed for your Amazon GameLift resources. As a best practice ( Security best practices in IAM), apply least-privilege permissions for all users. For guidance on permissions syntax, see IAM permission examples for Amazon GameLift.

Use following instructions to set user permissions based on how you manage the users in your Amazon account.

To provide access, add permissions to your users, groups, or roles:

Users managed in IAM through an identity provider:

Create a role for identity federation. Follow the instructions in Creating a role for a third-party identity provider (federation) in the IAM User Guide.
IAM users:
- Create a role that your user can assume. Follow the instructions in Creating a role for an IAM user in the IAM User Guide.
- (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.

When working with IAM users, as a best practice always attach permissions to roles or user groups, not individual users.

Set up programmatic access for users

Users need programmatic access if they want to interact with Amazon outside of the Amazon Web Services Management Console. The Amazon APIs and the Amazon Command Line Interface require access keys. Whenever possible, create temporary credentials that consist of an access key ID, a secret access key, and a security token that indicates when the credentials expire.

To grant users programmatic access, choose one of the following options.

Which user needs programmatic access?	To	By
IAM	Use short-term credentials to sign programmatic requests to the Amazon CLI or Amazon APIs (directly or by using the Amazon SDKs).	Following the instructions in Using temporary credentials with Amazon resources in the IAM User Guide.
IAM	(Not recommended) Use long-term credentials to sign programmatic requests to the Amazon CLI or Amazon APIs (directly or by using the Amazon SDKs).	Following the instructions in Managing access keys for IAM users in the IAM User Guide.

If you use access keys, see Best practices for managing Amazon access keys.

Set up programmatic access for your game

Most games use backend services to communicate with Amazon GameLift using the Amazon SDKs. For example, you use a backend service (acting on behalf of game clients) to request game sessions, place players into games, and other tasks. These services need programmatic access and security credentials to authenticate calls to Amazon GameLift service APIs.

For Amazon GameLift, you manage this access by creating a player user in Amazon Identity and Access Management (IAM). Manage player user permissions through one of the following options:

Create an IAM role with player user permissions and allow the player user to assume the role when needed. The backend service must include code to assume this role before making requests to Amazon GameLift. In accordance with security best practices, roles provide limited, temporary access. You can use roles for workloads running on Amazon resources (IAM roles) or outside of Amazon (IAM Roles Anywhere).
Create an IAM user group with player user permissions and add your player user to the group. This option gives your player user long-term credentials, which the backend service must store and use when communicating with Amazon GameLift.

For permissions policy syntax, see Player user permission examples.

For more information on managing permissions for use by a workload, see IAM Identities: Temporary credentials in IAM.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Setting up

IAM permission examples