Configuration and vulnerability analysis in Amazon GameLift

If you're using Amazon GameLift FleetIQ as a standalone feature with Amazon EC2, see Security in Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.

Configuration and IT controls are a shared responsibility between Amazon and you, our customer. For more information, see the Amazon shared responsibility model. Amazon handles basic security tasks like guest operating system (OS) and database patching, firewall configuration, and disaster recovery. These procedures have been reviewed and certified by the appropriate third parties. For more details, see the following resource: Amazon Web Services: Overview of security processes (whitepaper).

The following security best practices also address configuration and vulnerability analysis in Amazon GameLift:

  • Customers are responsible for the management of software that is deployed to Amazon GameLift instances for game hosting. Specifically:

    • Customer-provided game server application software should be maintained, including updates and security patches. To update game server software, upload a new build to Amazon GameLift, create a new fleet for it, and redirect traffic to the new fleet.

    • The base Amazon Machine Image (AMI), which includes the operating system, is updated only when a new fleet is created. To patch, update, and secure the operating system and other applications that are part of the AMI, recycle fleets on a regular basis, regardless of game server updates.

  • Customers should consider regularly updating their games with the latest SDK versions, including the Amazon SDK, the Amazon GameLift Server SDK, and the Amazon GameLift Client SDK for Realtime Servers.
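Because the base AMI is fixed when a fleet is created, fleet age is a usable proxy for how stale the operating system is. The following audit is an added example, not code from the AWS documentation: it flags fleets older than a recycle interval. The 30-day threshold, the function names, and the sample fleet records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed recycle interval: the page says "on a regular basis" and gives no number.
MAX_FLEET_AGE = timedelta(days=30)
# Fleets already being torn down are ignored.
IGNORED_STATUSES = {"DELETING", "TERMINATED"}

def stale_fleets(fleet_attributes, now, max_age=MAX_FLEET_AGE):
    """Return fleets whose base AMI (fixed at fleet creation) is older than max_age."""
    findings = []
    for fleet in fleet_attributes:
        if fleet.get("Status") in IGNORED_STATUSES:
            continue
        created = fleet["CreationTime"]
        if created.tzinfo is None:  # treat naive timestamps as UTC
            created = created.replace(tzinfo=timezone.utc)
        age = now - created
        if age > max_age:
            findings.append({"FleetId": fleet["FleetId"],
                             "BuildId": fleet.get("BuildId"),
                             "AgeDays": age.days})
    # Oldest first, so the most overdue fleet is recycled first.
    return sorted(findings, key=lambda f: f["AgeDays"], reverse=True)

def fetch_fleet_attributes(region):
    """Page through DescribeFleetAttributes (requires boto3 and AWS credentials)."""
    import boto3
    client = boto3.client("gamelift", region_name=region)
    fleets, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.describe_fleet_attributes(**kwargs)
        fleets.extend(page["FleetAttributes"])
        token = page.get("NextToken")
        if not token:
            return fleets

# Constructed sample records shaped like DescribeFleetAttributes output.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_FLEETS = [
    {"FleetId": "fleet-EXAMPLE-a", "BuildId": "build-EXAMPLE-3", "Status": "ACTIVE",
     "CreationTime": datetime(2024, 5, 20, tzinfo=timezone.utc)},
    {"FleetId": "fleet-EXAMPLE-b", "BuildId": "build-EXAMPLE-2", "Status": "ACTIVE",
     "CreationTime": datetime(2024, 3, 1, tzinfo=timezone.utc)},
    {"FleetId": "fleet-EXAMPLE-c", "BuildId": "build-EXAMPLE-1", "Status": "TERMINATED",
     "CreationTime": datetime(2023, 12, 1, tzinfo=timezone.utc)},
    {"FleetId": "fleet-EXAMPLE-d", "BuildId": "build-EXAMPLE-2", "Status": "ACTIVE",
     "CreationTime": datetime(2024, 4, 15)},
]

if __name__ == "__main__":
    for finding in stale_fleets(SAMPLE_FLEETS, NOW):
        print(finding)
```

Against a live account, pass `fetch_fleet_attributes(region)` and `datetime.now(timezone.utc)` to `stale_fleets` instead of the sample data.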