You are currently viewing content for use with Unreal Engine software. See all AWS GameKit documentation
Manage permissions for achievements
When working with the achievements game feature, users might need additional access
permissions to work with achievement definitions. The default
GameKitDeveloperPolicy
permissions policy allows users to sync achievement
definitions to the cloud when working in the Development environment only.
Working with achievement definitions involves direct calls to the
AwsGameKitAchievementAdmin
API. AWS GameKit manages AchievementAdmin
permissions with IAM roles, which offer additional controls and security to protect your
game. An IAM role specifies two things: (1) who can assume the role, and (2) which resources
they can control.
You need AWS account admin access to change user permissions. As a best practice, assign permissions to user groups and manage user permissions by adding users to user groups with the appropriate permissions.
Options for editing AchievementAdmin
permissions:
- To remove user access in the Development environment
-
Remove the following section from the user group permissions policy.
{ "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::
[YOUR_ACCOUNT_ID]
:role/gamekit_dev_*_AchievementsAdminInvokeRole" } - To add user access in other environments
-
Follow these steps:
-
In
_AchievementsAdminInvokeRole
, edit the role's trust relationship to add specific user group IDs. For detailed instructions, see Modifying a role trust policy. -
Create an IAM user group with permissions to assume this role.
{ "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::
[YOUR_ACCOUNT_ID]
:role/gamekit_[game title]
_AchievementsAdminInvokeRole" } -
To give IAM users access, add them to the new user group.
-