Set up AWS account for AWS GameKit - AWS GameKit
Sign up for an AWS accountSet up an administratorSet up an AWS userRelated AWS topics

You are currently viewing content for use with Unity game engine software. See all AWS GameKit documentation

Set up AWS account for AWS GameKit

Summary

This topic provides instructions for how to set up an AWS account and users for AWS GameKit activities. This information is for administrators and others who manage AWS user accounts.

As a first step to building cloud-based features into your game projects with AWS GameKit, create an AWS account for use with the project. You use this account to manage cloud resources for your game backend, including tracking costs and controlling user access.

To set up an AWS account for a game project:

Note

If your account uses the new AWS IAM Identity Center to manage users, users might experience unusual behavior and messaging in the AWS GameKit package. Their security credentials provide short-term access, users can't store them for future use and have to regenerate them often. If you create users with the automated script supplied with AWS GameKit, users get long-term access keys.

Sign up for an AWS account

If you don't have an AWS account, or if you want to set up a separate account for a project, complete the following steps to create one.

To sign up for an AWS account

  1. Open https://portal.aws.amazon.com/billing/signup

  2. Follow the online instructions. Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and only use the root user to perform tasks that require root user access.

AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to https://aws.amazon.com/ and choosing My Account.

Get more detailed guidance and tips on the sign-up process in How do I create and activate a new AWS account?.

Set up an administrator

After you sign up for an AWS account, create an administrative user so that you don't use the root user for everyday tasks.

Secure your AWS account root user

  1. Sign in to the AWS Management Console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.

    For help signing in using root user, see Signing in as the root user in the AWS Sign-In User Guide.

  2. Turn on multi-factor authentication (MFA) for your root user.

    For instructions, see Enable a virtual MFA device for your AWS account root user (console) in the IAM User Guide.

Create an administrative user

For your daily administrative tasks, assign access to an administrative user in the AWS Identity and Access Management (IAM) service.

  1. Sign in to the AWS Management Console with your root user credentials (AWS account email address and password.

  2. On the Console Home page, select the IAM service.

  3. In the navigation pane, select Users and then select Add users.

  4. In Step 1: Specify user details, set the following:

    • Enter a User name for the new user. This is their sign-in name for AWS.

    • Select Provide user access to the – AWS Management Console optional This produces AWS Management Console sign-in credentials for the new user. Choose the option I want to create an IAM user.

    • Choose a Console password option.

    Choose Next.

  5. In Step 2: Set permissions, choose the option Attach policies directly and select the AdministratorAccess policy from the list. Choose Next.

  6. In Step 3: Review and create, check your settings and then choose Create user.

  7. In Step 4: Retrieve password, the Console displays information on signing in with the new user. At this point, the new administrative user has sign-in credentials for the console but doesn't yet have the security credentials needed to use the AWS GameKit package. Choose the View user button.

  8. On the user detail page, open the Security Credentials tab and go to the Access Keys section. Choose Create access key.

  9. Under Access key best practices & alternatives, choose the Local code option, acknowledge the recommendations, and choose Next to create the access key. Follow the instructions to download and store the new access key. You need this key to use AWS GameKit.

Set up a user with AWS GameKit access

All AWS GameKit users must have AWS access before they can deploy, update, or delete AWS resources for their game project. An AWS account administrator creates users, manages user access, and generates unique security credentials for each user.

AWS GameKit provides an automated script for setting up AWS users with AWS GameKit access. Administrators can use the script to create new users or extent access to existing users. This script creates IAM users with long-term access keys. As an alternative, administrators can work directly in the AWS Identity and Access Management (IAM) service. For guidance on working with IAM, see Related AWS topics.

To create or update AWS users using the AWS GameKit script

  1. Find the Python script create_IAM_user.py in your AWS GameKit install files.

    [AWS GameKit install location]\AwsGameKit\Resources\cloudResources\policies\create_IAM_user.py

    To use this script, you need administrative rights to the AWS account that you are adding or updating users for. For additional requirements, see the requirements.txt file located in the same directory.

  2. Run the script with the following arguments to create or update a user:

    
python create_IAM_user.py [AWS USERNAME] [AWS ACCESS KEY] [AWS SECRET KEY]

    • AWS USERNAME is the user name that you want to add or update.

    • AWS ACCESS KEY and AWS SECRET KEY are your administrator credentials for the AWS account.

    On a successful request, the script takes the following actions:

    • Checks to see if the requested user name already exists in the AWS account. If it doesn't exist, the script creates a new IAM user in the account.

    • Checks for a user group in the AWS account with the name "GameKitDevGroup". If none exists, the script creates a new "GameKitDevGroup" user group and attaches the GameKitDeveloperPolicy permissions policy. This policy is also included in the AWS GameKit download package (GameKitDeveloperPolicy_Template.json).

    • Adds the requested user to the GameKitDevGroup user group.

    • For a newly created user, generates long-term security credentials for the user and saves them to [username]_credentials.txt in the ...\policies directory.