Set up an Amazon Web Services account - Amazon GameLift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Set up an Amazon Web Services account

To start using Amazon GameLift, create and set up your Amazon Web Services account. There's no charge to create an Amazon Web Services account. This section walks you through creating your account, setting up your users, and configuring permissions.

Sign up for an Amazon Web Services account

If you do not have an Amazon Web Services account, use the following procedure to create one.

To sign up for Amazon Web Services
  1. Open and choose Sign Up.

  2. Follow the on-screen instructions.

Amazon sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to and choosing My Account.

Secure IAM users

After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.

To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.

For more information about creating and securing IAM users, see the following topics in the IAM User Guide:

Manage user permissions for Amazon GameLift

Create additional users or extend access permissions to existing users as needed for your Amazon GameLift resources. As a best practice ( Security best practices in IAM), apply least-privilege permissions for all users. For guidance on permissions syntax, see IAM permission examples for Amazon GameLift.

Use following instructions to set user permissions based on how you manage the users in your Amazon account.

To provide access, add permissions to your users, groups, or roles:

When working with IAM users, as a best practice always attach permissions to roles or user groups, not individual users.

Set up programmatic access for users

Users need programmatic access if they want to interact with Amazon outside of the Amazon Web Services Management Console. The Amazon APIs and the Amazon Command Line Interface require access keys. Whenever possible, create temporary credentials that consist of an access key ID, a secret access key, and a security token that indicates when the credentials expire.

To grant users programmatic access, choose one of the following options.

Which user needs programmatic access? To By
IAM Use short-term credentials to sign programmatic requests to the Amazon CLI or Amazon APIs (directly or by using the Amazon SDKs). Following the instructions in Using temporary credentials with Amazon resources in the IAM User Guide.

(Not recommended)

Use long-term credentials to sign programmatic requests to the Amazon CLI or Amazon APIs (directly or by using the Amazon SDKs).
Following the instructions in Managing access keys for IAM users in the IAM User Guide.

If you use access keys, see Best practices for managing Amazon access keys.

Set up programmatic access for your game

Most games use backend services to communicate with Amazon GameLift using the Amazon SDKs. For example, you use a backend service (acting on behalf of game clients) to request game sessions, place players into games, and other tasks. These services need programmatic access and security credentials to authenticate calls to Amazon GameLift service APIs.

For Amazon GameLift, you manage this access by creating a player user in Amazon Identity and Access Management (IAM). Manage player user permissions through one of the following options:

  • Create an IAM role with player user permissions and allow the player user to assume the role when needed. The backend service must include code to assume this role before making requests to Amazon GameLift. In accordance with security best practices, roles provide limited, temporary access. You can use roles for workloads running on Amazon resources (IAM roles) or outside of Amazon (IAM Roles Anywhere).

  • Create an IAM user group with player user permissions and add your player user to the group. This option gives your player user long-term credentials, which the backend service must store and use when communicating with Amazon GameLift.

For permissions policy syntax, see Player user permission examples.

For more information on managing permissions for use by a workload, see IAM Identities: Temporary credentials in IAM.