CreateVpcPeeringAuthorization - GameLift Service

CreateVpcPeeringAuthorization

Requests authorization to create or delete a peer connection between the VPC for your GameLift fleet and a virtual private cloud (VPC) in your AWS account. VPC peering enables the game servers on your fleet to communicate directly with other AWS resources. Once you've received authorization, call CreateVpcPeeringConnection to establish the peering connection. For more information, see VPC Peering with GameLift Fleets.

You can peer with VPCs that are owned by any AWS account you have access to, including the account that you use to manage your GameLift fleets. You cannot peer with VPCs that are in different Regions.

To request authorization to create a connection, call this operation from the AWS account with the VPC that you want to peer to your GameLift fleet. For example, to enable your game servers to retrieve data from a DynamoDB table, use the account that manages that DynamoDB resource. Identify the following values: (1) the ID of the VPC that you want to peer with, and (2) the ID of the AWS account that you use to manage your GameLift fleet. If successful, VPC peering is authorized for the specified VPC.

To request authorization to delete a connection, call this operation from the AWS account with the VPC that is peered with your GameLift fleet. Identify the following values: (1) the ID of the VPC that you want to delete the peering connection for, and (2) the ID of the AWS account that you use to manage your GameLift fleet.

The authorization remains valid for 24 hours unless it is canceled by a call to DeleteVpcPeeringAuthorization. You must create or delete the peering connection while the authorization is valid.

Related actions

CreateVpcPeeringAuthorization | DescribeVpcPeeringAuthorizations | DeleteVpcPeeringAuthorization | CreateVpcPeeringConnection | DescribeVpcPeeringConnections | DeleteVpcPeeringConnection | All APIs by task

Request Syntax

{
    "GameLiftAwsAccountId": "string",
    "PeerVpcId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Note

In the following list, the required parameters are described first.

GameLiftAwsAccountId

A unique identifier for the AWS account that you use to manage your GameLift fleet. You can find your Account ID in the AWS Management Console under account settings.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: Yes

PeerVpcId

A unique identifier for a VPC with resources to be accessed by your GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the AWS Management Console. Learn more about VPC peering in VPC Peering with GameLift Fleets.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: Yes

Response Syntax

{
    "VpcPeeringAuthorization": {
        "CreationTime": number,
        "ExpirationTime": number,
        "GameLiftAwsAccountId": "string",
        "PeerVpcAwsAccountId": "string",
        "PeerVpcId": "string"
    }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

VpcPeeringAuthorization

Details on the requested VPC peering authorization, including expiration.

Type: VpcPeeringAuthorization object

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceException

The service encountered an unrecoverable internal failure while processing the request. Clients can retry such requests immediately or after a waiting period.

HTTP Status Code: 500

InvalidRequestException

One or more parameter values in the request are invalid. Correct the invalid parameter values before retrying.

HTTP Status Code: 400

NotFoundException

A service resource associated with the request could not be found. Clients should not retry such requests.

HTTP Status Code: 400

UnauthorizedException

The client failed authentication. Clients should not retry such requests.

HTTP Status Code: 400

Examples

Authorize VPC peering between your GameLift fleet and resources on your Amazon Web Services account

In this example, you want your game servers that are running on a GameLift fleet to be able to access a web service. The web service is managed through the same AWS account that you use to manage your GameLift fleet (account ID is 111122223333). You've already created a VPC (or you're using your account's default VPC) for the web service. The ID for this VPC is vpc-a12bc345.

To make this request, sign in using your credentials for AWS account 111122223333.

HTTP requests are authenticated using an AWS Signature Version 4 signature in the Authorization header field.

Sample Request

POST / HTTP/1.1
Host: gamelift.us-west-2.amazonaws.com;
Accept-Encoding: identity
Content-Length: 77
User-Agent: aws-cli/1.11.36 Python/2.7.9 Windows/7 botocore/1.4.93
Content-Type: application/x-amz-json-1.0
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170406/us-west-2/gamelift/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
X-Amz-Date: 20170406T004805Z
X-Amz-Target: GameLift.CreateVpcPeeringAuthorization

{
    "GameLiftAwsAccountId": "111122223333",
    "PeerVpcId": "vpc-a12bc345"
}

Sample Response

HTTP/1.1 200 OK
x-amzn-RequestId: b34f8665-EXAMPLE
Content-Type: application/x-amz-json-1.1
Content-Length: 225
Date: Thu, 06 Apr 2017 00:48:07 GMT

{
    "VpcPeeringAuthorization": {
        "CreationTime": 1503608847.489,
        "ExpirationTime": 1503695247,
        "GameLiftAwsAccountId": "111122223333",
        "PeerVpcAwsAccountId": "111122223333",
        "PeerVpcId": "vpc-a12bc345"
    }
}

Authorize VPC peering between your GameLift fleet and resources on a different account

As in the previous example, you want your game servers to be able to access a web service. But in this example, the web service is managed through a different account from the one that you use to manage your GameLift fleet. The account that manages your fleet has ID 111122223333, while the web service account ID is 444455556666. A VPC has already been created on account 444455556666 with the web service. The ID for this VPC is vpc-c67ef890.

To make this request, sign in using credentials for AWS account 444455556666. If you don't have rights to this account, you need to provide the ID of the account that manages your GameLift fleet to the owner of AWS account 444455556666, who then makes the request.

HTTP requests are authenticated using an AWS Signature Version 4 signature in the Authorization header field.

Sample Request

POST / HTTP/1.1
Host: gamelift.us-west-2.amazonaws.com;
Accept-Encoding: identity
Content-Length: 82
User-Agent: aws-cli/1.11.36 Python/2.7.9 Windows/7 botocore/1.4.93
Content-Type: application/x-amz-json-1.0
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170406/us-west-2/gamelift/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
X-Amz-Date: 20170406T004805Z
X-Amz-Target: GameLift.CreateVpcPeeringAuthorization

{
    "GameLiftAwsAccountId": "111122223333",
    "PeerVpcId": "vpc-c67ef890"
}

Sample Response

HTTP/1.1 200 OK
x-amzn-RequestId: b34f8665-EXAMPLE
Content-Type: application/x-amz-json-1.1
Content-Length: 225
Date: Thu, 06 Apr 2017 00:48:07 GMT

{
    "VpcPeeringAuthorization": {
        "CreationTime": 1503608847.489,
        "ExpirationTime": 1503695247,
        "GameLiftAwsAccountId": "111122223333",
        "PeerVpcAwsAccountId": "444455556666",
        "PeerVpcId": "vpc-c67ef890"
    }
}
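
Reviewing an authorization from the VPC owner's side

The following is an added example, not part of the AWS reference or SDK. It parses the two sample response bodies above and reports, for the account that owns the peer VPC, whether each authorization is still inside its 24-hour window, whether it is cross-account, and whether the fleet account it trusts is on an approved list. The function names, result keys and the approved-accounts set are assumptions made for illustration.

```python
import json

MAX_LIFETIME_S = 24 * 60 * 60  # the page states an authorization is valid for 24 hours

# Constructed input: the two sample response bodies shown on this page.
SAMPLE_SAME_ACCOUNT = (
    '{"VpcPeeringAuthorization": {"CreationTime": 1503608847.489, '
    '"ExpirationTime": 1503695247, "GameLiftAwsAccountId": "111122223333", '
    '"PeerVpcAwsAccountId": "111122223333", "PeerVpcId": "vpc-a12bc345"}}'
)
SAMPLE_CROSS_ACCOUNT = (
    '{"VpcPeeringAuthorization": {"CreationTime": 1503608847.489, '
    '"ExpirationTime": 1503695247, "GameLiftAwsAccountId": "111122223333", '
    '"PeerVpcAwsAccountId": "444455556666", "PeerVpcId": "vpc-c67ef890"}}'
)


def review_authorization(body, now, approved_fleet_accounts):
    """Summarise one authorization; `now` is epoch seconds, like the API's timestamps."""
    auth = json.loads(body)["VpcPeeringAuthorization"]
    lifetime = auth["ExpirationTime"] - auth["CreationTime"]
    seconds_left = auth["ExpirationTime"] - now
    return {
        "peer_vpc": auth["PeerVpcId"],
        # While active, the fleet account can still create or delete the peering.
        "active": seconds_left > 0,
        "seconds_left": max(0, int(seconds_left)),
        "lifetime_ok": 0 < lifetime <= MAX_LIFETIME_S,
        # The fleet account and the VPC owner differ: traffic crosses an account boundary.
        "cross_account": auth["GameLiftAwsAccountId"] != auth["PeerVpcAwsAccountId"],
        "fleet_account_approved": auth["GameLiftAwsAccountId"] in approved_fleet_accounts,
    }


def needs_attention(review):
    """Flag a live authorization for an unapproved fleet account or with an odd lifetime."""
    return review["active"] and not (
        review["fleet_account_approved"] and review["lifetime_ok"]
    )


if __name__ == "__main__":
    approved = {"111122223333"}  # assumed allow-list kept by the VPC owner
    for body in (SAMPLE_SAME_ACCOUNT, SAMPLE_CROSS_ACCOUNT):
        result = review_authorization(body, now=1503650000, approved_fleet_accounts=approved)
        print(result, "-> review" if needs_attention(result) else "-> ok")
```

An authorization that is flagged while still active can be canceled with DeleteVpcPeeringAuthorization before it is used.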
