Retrieve security credentials Generate new security credentials Securing credentials with the plugin Related AWS topics

Get your AWS security credentials

Summary

AWS GameKit users must have an AWS account and security credentials to use the plugin. This topic helps plugin users or AWS account administrators get credentials for an AWS user.

AWS GameKit users must sign in to the plugin with their AWS user security credentials. These credentials authorize a user's programmatic access to AWS so that they can create and manage their game's cloud backend directly from the plugin.

Use the following procedures to get security credentials for an existing AWS user. To create new users with AWS GameKit access, see Set up AWS account for AWS GameKit.

Retrieve security credentials

AWS users must store security credentials locally. Look for your existing security credentials in the following locations:

For AWS users created with the create_IAM_user.py script (included in the AWS GameKit plugin download), the script generates security credentials for the user and saves them to [username]_credentials.txt file. If you ran the script, the file is saved to your local machine in the directory ...\policies\.
When generating security credentials through the AWS Management Console, you can download the credentials to a local file named <user name>_accessKeys.csv.
If you've used your credentials with the AWS GameKit plugin or other AWS programmatic tools, they may be saved to your home directory (for example: C:\Users\<user ID>\.aws\credentials).

Generate new security credentials

If you don’t have valid security credentials, or you've lost your existing credentials, follow these instructions to create new ones for your AWS user.

Note

For AWS users created with the create_IAM_user script (included in the AWS GameKit plugin download), use the instructions for the AWS Identity and Access Management (IAM) user type. You can get short-term or long-term access keys for these users.

Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. The way to grant programmatic access depends on the type of user that's accessing AWS.

To grant users programmatic access, choose one of the following options.

Which user needs programmatic access?	To	By
Workforce identity (Users managed in IAM Identity Center)	Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.	Following the instructions for the interface that you want to use. For the AWS CLI, see Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide. For AWS SDKs, tools, and AWS APIs, see IAM Identity Center authentication in the AWS SDKs and Tools Reference Guide.
IAM	Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.	Following the instructions in Using temporary credentials with AWS resources in the IAM User Guide.
IAM	(Not recommended) Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.	Following the instructions for the interface that you want to use. For the AWS CLI, see Authenticating using IAM user credentials in the AWS Command Line Interface User Guide. For AWS SDKs and tools, see Authenticate using long-term credentials in the AWS SDKs and Tools Reference Guide. For AWS APIs, see Managing access keys for IAM users in the IAM User Guide.

Which user needs programmatic access?

Workforce identity

(Users managed in IAM Identity Center)

Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.

Following the instructions for the interface that you want to use.

For the AWS CLI, see Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide.
For AWS SDKs, tools, and AWS APIs, see IAM Identity Center authentication in the AWS SDKs and Tools Reference Guide.

IAM

Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.

Following the instructions in Using temporary credentials with AWS resources in the IAM User Guide.

IAM

(Not recommended)

Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs.

Following the instructions for the interface that you want to use.

For the AWS CLI, see Authenticating using IAM user credentials in the AWS Command Line Interface User Guide.
For AWS SDKs and tools, see Authenticate using long-term credentials in the AWS SDKs and Tools Reference Guide.
For AWS APIs, see Managing access keys for IAM users in the IAM User Guide.

Securing credentials with the AWS GameKit plugin

It's safe to enter your AWS account credentials into the AWS GameKit plugin. AWS GameKit never stores your credentials with your game project or in the AWS GameKit configuration files. Credentials are never included in game distributables.

The AWS GameKit plugin asks for your AWS credentials during set up for your game project. By default, your credentials are cached locally so you don't need to re-enter them. You can enter different credentials at any time, such as when switching environments.

Tips for protecting your credentials with AWS GameKit:

Don't download the AWS GameKit plugin from anywhere other than an official source.
Don't enter credentials in your game code, even in test code for convenience.
Avoid storing credentials locally in files that are shared. The AWS GameKit plugin option "Store my credentials" saves your credentials to your home directory (~/.aws/credentials). This standard location is used by other AWS tools.

Understanding and Getting your AWS credentials, Programmatic access, AWS General Reference
Best practices for managing AWS access keys, AWS General Reference
Where are configuration settings/credential information stored?, AWS Command Line Interface User Guide

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tips for AWS account administrators

Getting started