IAM policy examples for GameLift - Amazon GameLift

You can use the following examples to create inline policies and add the appropriate permissions to your IAM users or user groups.

Simple policy examples for administrators

These policy examples illustrate how to provide full administrative access to a user.

Policy for GameLift resource permissions

The following policy example covers access to all GameLift-related resources (fleets, queues, game sessions, matchmakers, etc.). All users who manage or view these resources need this type of permissions policy.

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "gamelift:*",
    "Resource": "*"
  }
}

Policy for GameLift resource and PassRole permissions

This policy example provides access to GameLift-related resources as above. It also allows the user to pass an IAM service role to GameLift. Not all users need to have PassRole permission; it is used to give GameLift limited ability to access resources in other services on your behalf. For example, you need this permission when calling CreateBuild with an IAM role that allows GameLift to access your build files in an S3 bucket. For more information on PassRole, see the IAM User Guide topic IAM: Pass an IAM role to a specific AWS service.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "gamelift:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {"iam:PassedToService": "gamelift.amazonaws.com"}
      }
    }
  ]
}
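The following check is an added example, not part of the original page or of any AWS tooling. It audits a policy document for the two grants discussed above: full `gamelift:*` access, and `iam:PassRole` that is not limited to `gamelift.amazonaws.com` or that can pass any role. The function names, finding labels, and the two constructed policies (including the placeholder role ARN) are assumptions; only exact action names and whole wildcards are matched.

```python
import json

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement_index, finding) pairs for an identity-based policy."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if "gamelift:*" in actions or "*" in actions:
            findings.append((i, "gamelift-full-admin"))
        if not any(a in ("iam:passrole", "iam:*", "*") for a in actions):
            continue
        # Collect the services this statement allows roles to be passed to.
        passed_to = []
        cond = stmt.get("Condition", {})
        for op in ("StringEquals", "StringLike"):
            for key, val in cond.get(op, {}).items():
                if key.lower() == "iam:passedtoservice":
                    passed_to += _as_list(val)
        if not passed_to:
            findings.append((i, "passrole-any-service"))
        elif passed_to != ["gamelift.amazonaws.com"]:
            findings.append((i, "passrole-other-service"))
        # The condition limits the receiving service, not which role is passed.
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "passrole-any-role"))
    return findings

# The page's resource-and-PassRole policy.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "gamelift:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition":
    {"StringEquals": {"iam:PassedToService": "gamelift.amazonaws.com"}}}]}""")
# Constructed variant: PassRole with no service condition at all.
UNCONDITIONED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}}
# Constructed variant: PassRole limited to one role (placeholder ARN).
SCOPED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "iam:PassRole",
    "Resource": "arn:aws:iam::111122223333:role/ExampleGameLiftRole",
    "Condition": {"StringEquals": {"iam:PassedToService": "gamelift.amazonaws.com"}}}}

if __name__ == "__main__":
    for name, doc in [("page", PAGE_POLICY), ("unconditioned", UNCONDITIONED), ("scoped", SCOPED)]:
        print(name, audit_policy(doc))
```

The `passrole-any-role` finding on the page's policy is a review hint: the condition restricts the target service, while `"Resource": "*"` still lets the user pass any role to it.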

Simple policy examples for players

The following policy examples show how to give game clients or game client services the permissions they need to get players into game sessions. These examples cover the key scenarios that games might use to start new game sessions and assign players to available player slots.

Policy for game session placements

This policy example is for a game client service that uses game session queues and placements to start new game sessions. Players might be added to a game session either in the initial placement request or by creating new player sessions for an existing game session.

{
  "Version": "2012-10-17",
  "Statement": {
    "Sid": "PlayerPermissionsForGameSessionPlacements",
    "Effect": "Allow",
    "Action": [
      "gamelift:StartGameSessionPlacement",
      "gamelift:DescribeGameSessionPlacement",
      "gamelift:StopGameSessionPlacement",
      "gamelift:CreatePlayerSession",
      "gamelift:CreatePlayerSessions",
      "gamelift:DescribeGameSessions"
    ],
    "Resource": "*"
  }
}

Policy for matchmaking

This policy example is for a game client or client service that uses GameLift FlexMatch matchmaking. Players might be matched and placed into a new game session or they might be added to an existing game session through the backfill process.

{
  "Version": "2012-10-17",
  "Statement": {
    "Sid": "PlayerPermissionsForGameSessionMatchmaking",
    "Effect": "Allow",
    "Action": [
      "gamelift:StartMatchmaking",
      "gamelift:DescribeMatchmaking",
      "gamelift:StopMatchmaking",
      "gamelift:AcceptMatch",
      "gamelift:StartMatchBackfill",
      "gamelift:DescribeGameSessions"
    ],
    "Resource": "*"
  }
}

Policy for manual game session placement

This policy example is for a game client or client service that creates new game sessions on specific fleets and might create new player sessions in specific game sessions. This scenario supports a game that uses the "list-and-pick" method to let players choose from a list of available game sessions.

{
  "Version": "2012-10-17",
  "Statement": {
    "Sid": "PlayerPermissionsForManualGameSessions",
    "Effect": "Allow",
    "Action": [
      "gamelift:CreateGameSession",
      "gamelift:DescribeGameSessions",
      "gamelift:SearchGameSessions",
      "gamelift:CreatePlayerSession",
      "gamelift:CreatePlayerSessions",
      "gamelift:DescribePlayerSessions"
    ],
    "Resource": "*"
  }
}