Menu
Amazon GameLift Service
API Reference (API Version 2015-10-01)

CreateVpcPeeringAuthorization

Requests authorization to create or delete a peer connection between the VPC for your Amazon GameLift fleet and a virtual private cloud (VPC) in your AWS account. VPC peering enables the game servers on your fleet to communicate directly with other AWS resources. Once you've received authorization, call CreateVpcPeeringConnection to establish the peering connection. For more information, see VPC Peering with Amazon GameLift Fleets.

You can peer with VPCs that are owned by any AWS account you have access to, including the account that you use to manage your Amazon GameLift fleets. You cannot peer with VPCs that are in different regions.

To request authorization to create a connection, call this operation from the AWS account with the VPC that you want to peer to your Amazon GameLift fleet. For example, to enable your game servers to retrieve data from a DynamoDB table, use the account that manages that DynamoDB resource. Identify the following values: (1) The ID of the VPC that you want to peer with, and (2) the ID of the AWS account that you use to manage Amazon GameLift. If successful, VPC peering is authorized for the specified VPC.

To request authorization to delete a connection, call this operation from the AWS account with the VPC that is peered with your Amazon GameLift fleet. Identify the following values: (1) VPC ID that you want to delete the peering connection for, and (2) ID of the AWS account that you use to manage Amazon GameLift.

The authorization remains valid for 24 hours unless it is canceled by a call to DeleteVpcPeeringAuthorization. You must create or delete the peering connection while the authorization is valid.

VPC peering connection operations include:

Request Syntax

{
   "GameLiftAwsAccountId": "string",
   "PeerVpcId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Note

In the following list, the required parameters are described first.

GameLiftAwsAccountId

Unique identifier for the AWS account that you use to manage your Amazon GameLift fleet. You can find your Account ID in the AWS Management Console under account settings.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: Yes

PeerVpcId

Unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same region where your fleet is deployed. To get VPC information, including IDs, use the Virtual Private Cloud service tools, including the VPC Dashboard in the AWS Management Console.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: Yes

Response Syntax

{
   "VpcPeeringAuthorization": { 
      "CreationTime": number,
      "ExpirationTime": number,
      "GameLiftAwsAccountId": "string",
      "PeerVpcAwsAccountId": "string",
      "PeerVpcId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

VpcPeeringAuthorization

Details on the requested VPC peering authorization, including expiration.

Type: VpcPeeringAuthorization object

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceException

The service encountered an unrecoverable internal failure while processing the request. Clients can retry such requests immediately or after a waiting period.

HTTP Status Code: 500

InvalidRequestException

One or more parameter values in the request are invalid. Correct the invalid parameter values before retrying.

HTTP Status Code: 400

NotFoundException

A service resource associated with the request could not be found. Clients should not retry such requests.

HTTP Status Code: 400

UnauthorizedException

The client failed authentication. Clients should not retry such requests.

HTTP Status Code: 400

Examples

Authorize VPC peering between your Amazon GameLift fleet and resources on your Amazon GameLift AWS account

In this example, you want your game servers that are running on an Amazon GameLift fleet to be able to access a web service. The web service is managed through the same AWS account that you use to manage your Amazon GameLift fleet (account ID is 111122223333). You've already created a VPC (or you're using your account's default VPC) for the web service. The ID for this VPC is vpc-a12bc345.

To make this request, sign in using your credentials for AWS account 111122223333.

HTTP requests are authenticated using an AWS Signature Version 4 signature in the Authorization header field.

Sample Request

POST / HTTP/1.1
Host: gamelift.us-west-2.amazonaws.com;
Accept-Encoding: identity
Content-Length: 77
User-Agent: aws-cli/1.11.36 Python/2.7.9 Windows/7 botocore/1.4.93
Content-Type: application/x-amz-json-1.0
Authorization: AWS4-HMAC-SHA256  Credential=AKIAIOSFODNN7EXAMPLE/20170406/us-west-2/gamelift/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
X-Amz-Date: 20170406T004805Z
X-Amz-Target: GameLift.CreateVpcPeeringAuthorization 

{ "GameLiftAwsAccountId": "111122223333",
    "PeerVpcId": "vpc-a12bc345"
}

Sample Response

HTTP/1.1 200 OK
x-amzn-RequestId: b34f8665-EXAMPLE
Content-Type: application/x-amz-json-1.1
Content-Length: 225
Date: Thu, 06 Apr 2017 00:48:07 GMT

{"VpcPeeringAuthorization": 
  {"CreationTime": 1503608847.489, 
   "ExpirationTime": 1503695247, 
   "GameLiftAwsAccountId": "111122223333", 
   "PeerVpcAwsAccountId": "111122223333", 
   "PeerVpcId": "vpc-a12bc345"}
}

Authorize VPC peering between your Amazon GameLift fleet and resources on a different AWS account

As in the previous example, you want your game servers to be able to access a web service. But in this example, the web service is managed through a different account from the one that you use to manage your Amazon GameLift fleet. Your Amazon GameLift account ID is 111122223333, while the web service account ID is 444455556666. A VPC has already been created on account 444455556666 with the web service. The ID for this VPC is vpc-c67ef890.

To make this request, sign in using credentials for AWS account 444455556666. If you don't have rights to this account, you need to provide your Amazon GameLift account ID to the owner of AWS account 444455556666 to make the request.

HTTP requests are authenticated using an AWS Signature Version 4 signature in the Authorization header field.

Sample Request

POST / HTTP/1.1
Host: gamelift.us-west-2.amazonaws.com;
Accept-Encoding: identity
Content-Length: 82
User-Agent: aws-cli/1.11.36 Python/2.7.9 Windows/7 botocore/1.4.93
Content-Type: application/x-amz-json-1.0
Authorization: AWS4-HMAC-SHA256  Credential=AKIAIOSFODNN7EXAMPLE/20170406/us-west-2/gamelift/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
X-Amz-Date: 20170406T004805Z
X-Amz-Target: GameLift.CreateVpcPeeringAuthorization 

{
    "GameLiftAwsAccountId": "111122223333",
    "PeerVpcId": "vpc-c67ef890"
}

Sample Response

HTTP/1.1 200 OK
x-amzn-RequestId: b34f8665-EXAMPLE
Content-Type: application/x-amz-json-1.1
Content-Length: 225
Date: Thu, 06 Apr 2017 00:48:07 GMT

{"VpcPeeringAuthorization": 
  {"CreationTime": 1503608847.489, 
   "ExpirationTime": 1503695247, 
   "GameLiftAwsAccountId": "111122223333", 
   "PeerVpcAwsAccountId": "444455556666", 
   "PeerVpcId": "vpc-c67ef890"}
}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: