更新 IAM 用户权限

打开 Amazon Web Services，然后选择 Sign In to the Console (登录到控制台)。按照提示创建新账户或登录现有账户。

打开 IAM 控制台，如果需要，为游戏团队定义用户或用户组。有关详细说明，请参阅创建 IAM 用户。您还可以使用 AWS CLI 管理用户和用户组。

对于游戏团队的每个用户或用户组，请为 GameLift FleetIQ 附加具有所需权限的权限策略，如以下策略所示。用户和用户组可以根据需要具有多个权限策略。

要附加策略，请打开用户或用户组摘要页面，并找到创建内联（自定义）策略的选项。复制下面的 JSON 语法。如果您使用 AWS CloudFormation 管理游戏托管资源，请将 AWS CloudFormation 权限添加到策略语法。保存新策略。

GameLift FleetIQ_策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:PassRole"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "iam:CreateServiceLinkedRole"
      ],
      "Effect": "Allow",
      "Resource": "arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
    },
    {
      "Action": [
        "autoscaling:CreateAutoScalingGroup",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:ExitStandby",
        "autoscaling:PutLifecycleHook",
        "autoscaling:PutScalingPolicy",
        "autoscaling:ResumeProcesses",
        "autoscaling:SetInstanceProtection",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:DeleteAutoScalingGroup"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeSubnets",
        "ec2:RunInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "events:PutRule",
        "events:PutTargets"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

的其他权限AWS CloudFormation

    {
      "Action": [
        "autoscaling:CreateOrUpdateTags",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:DescribeNotificationConfigurations",
        "ec2:DescribeLaunchTemplateVersions"
      ]
      "Effect": "Allow",
      "Resource": "*"
    }