Actions, resources, and condition keys for Amazon GameLift - Service Authorization Reference

Actions, resources, and condition keys for Amazon GameLift

Amazon GameLift (service prefix: gamelift) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions defined by Amazon GameLift

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

For details about the columns in the following table, see The actions table.

| Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions |
|---|---|---|---|---|---|
| AcceptMatch | Registers player acceptance or rejection of a proposed FlexMatch match. | Write | | | |
| ClaimGameServer | Locates and reserves a game server to host a new game session. | Write | gameServerGroup* | | |
| CreateAlias | Defines a new alias for a fleet. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateBuild | Creates a new game build using files stored in an Amazon S3 bucket. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateFleet | Creates a new fleet of computing resources to run your game servers. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateGameServerGroup | Creates a new game server group, sets up a corresponding Auto Scaling group, and launches instances to host game servers. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateGameSession | Starts a new game session on a specified fleet. | Write | | | |
| CreateGameSessionQueue | Sets up a new queue for processing new game session placement requests. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateMatchmakingConfiguration | Creates a new FlexMatch matchmaker. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateMatchmakingRuleSet | Creates a new matchmaking rule set for FlexMatch. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreatePlayerSession | Reserves an available game session slot for a player. | Write | | | |
| CreatePlayerSessions | Reserves available game session slots for multiple players. | Write | | | |
| CreateScript | Creates a new Realtime Servers script. | Write | | aws:RequestTag/${TagKey}, aws:TagKeys | |
| CreateVpcPeeringAuthorization | Allows GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWS account. | Write | | | |
| CreateVpcPeeringConnection | Establishes a peering connection between your GameLift fleet VPC and a VPC on another account. | Write | | | |
| DeleteAlias | Deletes an alias. | Write | alias* | | |
| DeleteBuild | Deletes a game build. | Write | build* | | |
| DeleteFleet | Deletes an empty fleet. | Write | fleet* | | |
| DeleteGameServerGroup | Permanently deletes a game server group and terminates FleetIQ activity for the corresponding Auto Scaling group. | Write | gameServerGroup* | | |
| DeleteGameSessionQueue | Deletes an existing game session queue. | Write | gameSessionQueue* | | |
| DeleteMatchmakingConfiguration | Deletes an existing FlexMatch matchmaker. | Write | matchmakingConfiguration* | | |
| DeleteMatchmakingRuleSet | Deletes an existing FlexMatch matchmaking rule set. | Write | matchmakingRuleSet* | | |
| DeleteScalingPolicy | Deletes a set of auto-scaling rules. | Write | fleet* | | |
| DeleteScript | Deletes a Realtime Servers script. | Write | script* | | |
| DeleteVpcPeeringAuthorization | Cancels a VPC peering authorization. | Write | | | |
| DeleteVpcPeeringConnection | Removes a peering connection between VPCs. | Write | | | |
| DeregisterGameServer | Removes a game server from a game server group. | Write | gameServerGroup* | | |
| DescribeAlias | Retrieves properties for an alias. | Read | alias* | | |
| DescribeBuild | Retrieves properties for a game build. | Read | build* | | |
| DescribeEC2InstanceLimits | Retrieves the maximum allowed and current usage for EC2 instance types. | Read | | | |
| DescribeFleetAttributes | Retrieves general properties, including status, for fleets. | Read | | | |
| DescribeFleetCapacity | Retrieves the current capacity setting for fleets. | Read | | | |
| DescribeFleetEvents | Retrieves entries from a fleet's event log. | Read | fleet* | | |
| DescribeFleetPortSettings | Retrieves the inbound connection permissions for a fleet. | Read | fleet* | | |
| DescribeFleetUtilization | Retrieves utilization statistics for fleets. | Read | | | |
| DescribeGameServer | Retrieves properties for a game server. | Read | gameServerGroup* | | |
| DescribeGameServerGroup | Retrieves properties for a game server group. | Read | gameServerGroup* | | |
| DescribeGameServerInstances | Retrieves the status of EC2 instances in a game server group. | Read | gameServerGroup* | | |
| DescribeGameSessionDetails | Retrieves properties for game sessions in a fleet, including the protection policy. | Read | | | |
| DescribeGameSessionPlacement | Retrieves details of a game session placement request. | Read | | | |
| DescribeGameSessionQueues | Retrieves properties for game session queues. | Read | | | |
| DescribeGameSessions | Retrieves properties for game sessions in a fleet. | Read | | | |
| DescribeInstances | Retrieves information about instances in a fleet. | Read | fleet* | | |
| DescribeMatchmaking | Retrieves details of matchmaking tickets. | Read | | | |
| DescribeMatchmakingConfigurations | Retrieves properties for FlexMatch matchmakers. | Read | | | |
| DescribeMatchmakingRuleSets | Retrieves properties for FlexMatch matchmaking rule sets. | Read | | | |
| DescribePlayerSessions | Retrieves properties for player sessions in a game session. | Read | | | |
| DescribeRuntimeConfiguration | Retrieves the current runtime configuration for a fleet. | Read | fleet* | | |
| DescribeScalingPolicies | Retrieves all scaling policies that are applied to a fleet. | Read | fleet* | | |
| DescribeScript | Retrieves properties for a Realtime Servers script. | Read | script* | | |
| DescribeVpcPeeringAuthorizations | Retrieves valid VPC peering authorizations. | Read | | | |
| DescribeVpcPeeringConnections | Retrieves details on active or pending VPC peering connections. | Read | | | |
| GetGameSessionLogUrl | Retrieves the location of stored logs for a game session. | Read | | | |
| GetInstanceAccess | Requests remote access to a specified fleet instance. | Read | fleet* | | |
| ListAliases | Retrieves all aliases that are defined in the current region. | List | | | |
| ListBuilds | Retrieves all game builds in the current region. | List | | | |
| ListFleets | Retrieves a list of fleet IDs for all fleets in the current region. | List | | | |
| ListGameServerGroups | Retrieves all game server groups that are defined in the current region. | List | | | |
| ListGameServers | Retrieves all game servers that are currently running in a game server group. | List | gameServerGroup* | | |
| ListScripts | Retrieves properties for all Realtime Servers scripts in the current region. | List | | | |
| ListTagsForResource | Lists tags for GameLift resources. | List | alias, build, fleet, gameServerGroup, gameSessionQueue, matchmakingConfiguration, matchmakingRuleSet, script | | |
| PutScalingPolicy | Creates or updates a fleet auto-scaling policy. | Write | fleet* | | |
| RegisterGameServer | Notifies GameLift FleetIQ when a new game server is ready to host gameplay. | Write | gameServerGroup* | | |
| RequestUploadCredentials | Retrieves fresh upload credentials to use when uploading a new game build. | Read | build* | | |
| ResolveAlias | Retrieves the fleet ID associated with an alias. | Read | alias* | | |
| ResumeGameServerGroup | Reinstates suspended FleetIQ activity for a game server group. | Write | gameServerGroup* | | |
| SearchGameSessions | Retrieves game sessions that match a set of search criteria. | Read | | | |
| StartFleetActions | Resumes auto-scaling activity on a fleet after it was suspended with StopFleetActions(). | Write | fleet* | | |
| StartGameSessionPlacement | Sends a game session placement request to a game session queue. | Write | gameSessionQueue* | | |
| StartMatchBackfill | Requests FlexMatch matchmaking to fill available player slots in an existing game session. | Write | | | |
| StartMatchmaking | Requests FlexMatch matchmaking for one or a group of players and game session placement for a resulting match. | Write | | | |
| StopFleetActions | Suspends auto-scaling activity on a fleet. | Write | fleet* | | |
| StopGameSessionPlacement | Cancels a game session placement request that is in progress. | Write | | | |
| StopMatchmaking | Cancels a matchmaking or match backfill request that is in progress. | Write | | | |
| SuspendGameServerGroup | Temporarily stops FleetIQ activity for a game server group. | Write | gameServerGroup* | | |
| TagResource | Tags GameLift resources. | Tagging | alias, build, fleet, gameServerGroup, gameSessionQueue, matchmakingConfiguration, matchmakingRuleSet, script | aws:RequestTag/${TagKey}, aws:TagKeys | |
| UntagResource | Untags GameLift resources. | Tagging | alias, build, fleet, gameServerGroup, gameSessionQueue, matchmakingConfiguration, matchmakingRuleSet, script | aws:TagKeys | |
| UpdateAlias | Updates the properties of an existing alias. | Write | alias* | | |
| UpdateBuild | Updates an existing build's metadata. | Write | build* | | |
| UpdateFleetAttributes | Updates the general properties of an existing fleet. | Write | fleet* | | |
| UpdateFleetCapacity | Adjusts a fleet's capacity settings. | Write | fleet* | | |
| UpdateFleetPortSettings | Adjusts a fleet's port settings. | Write | fleet* | | |
| UpdateGameServer | Changes game server properties, health status, or utilization status. | Write | gameServerGroup* | | |
| UpdateGameServerGroup | Updates properties for a game server group, including allowed instance types. | Write | gameServerGroup* | | |
| UpdateGameSession | Updates the properties of an existing game session. | Write | | | |
| UpdateGameSessionQueue | Updates properties of an existing game session queue. | Write | gameSessionQueue* | | |
| UpdateMatchmakingConfiguration | Updates properties of an existing FlexMatch matchmaking configuration. | Write | matchmakingConfiguration* | | |
| UpdateRuntimeConfiguration | Updates how server processes are configured on instances in an existing fleet. | Write | fleet* | | |
| UpdateScript | Updates the metadata and content of an existing Realtime Servers script. | Write | script* | | |
| ValidateMatchmakingRuleSet | Validates the syntax of a FlexMatch matchmaking rule set. | Read | | | |

Resource types defined by Amazon GameLift

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The resource types table.

| Resource types | ARN | Condition keys |
|---|---|---|
| alias | arn:${Partition}:gamelift:${Region}::alias/${AliasId} | aws:ResourceTag/${TagKey} |
| build | arn:${Partition}:gamelift:${Region}:${AccountId}:build/${BuildId} | aws:ResourceTag/${TagKey} |
| script | arn:${Partition}:gamelift:${Region}:${AccountId}:script/${ScriptId} | aws:ResourceTag/${TagKey} |
| fleet | arn:${Partition}:gamelift:${Region}:${Account}:fleet/${FleetId} | aws:ResourceTag/${TagKey} |
| gameSessionQueue | arn:${Partition}:gamelift:${Region}:${Account}:gamesessionqueue/${GameSessionQueueName} | aws:ResourceTag/${TagKey} |
| matchmakingConfiguration | arn:${Partition}:gamelift:${Region}:${Account}:matchmakingconfiguration/${MatchmakingConfigurationName} | aws:ResourceTag/${TagKey} |
| matchmakingRuleSet | arn:${Partition}:gamelift:${Region}:${Account}:matchmakingruleset/${MatchmakingRuleSetName} | aws:ResourceTag/${TagKey} |
| gameServerGroup | arn:${Partition}:gamelift:${Region}:${Account}:gameservergroup/${GameServerGroupName} | aws:ResourceTag/${TagKey} |
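The Resource types rule from the actions section and the ARN formats above can be checked mechanically before a policy is deployed. The following is an added example, not part of the AWS reference: a small linter that flags action/resource pairs the tables do not support. The function names, the subset of actions it carries, and the sample policy (account ID and resource IDs) are all constructed for illustration.

```python
import fnmatch
from itertools import product

# Resource types from the page; each ARN path segment is the lower-cased name.
TYPES = ["alias", "build", "script", "fleet", "gameSessionQueue",
         "matchmakingConfiguration", "matchmakingRuleSet", "gameServerGroup"]
SEGMENT_TO_TYPE = {t.lower(): t for t in TYPES}

# Subset of the page's actions table: action -> resource types it accepts.
# An empty set means the Resource types column is blank, so only "*" fits.
ACTION_RESOURCES = {
    "CreateGameSession": set(), "DescribeFleetAttributes": set(),
    "DeleteFleet": {"fleet"}, "UpdateFleetCapacity": {"fleet"},
    "DeleteBuild": {"build"}, "TagResource": set(TYPES),
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def arn_type(arn):
    """GameLift resource type named by an ARN, or None if it is not one."""
    parts = arn.split(":", 5)
    ok = len(parts) == 6 and parts[2] == "gamelift"
    return SEGMENT_TO_TYPE.get(parts[5].split("/", 1)[0]) if ok else None

def expand(pattern):
    """Known actions matched by an Action entry such as 'gamelift:Delete*'."""
    service, _, name = pattern.rpartition(":")
    names = ACTION_RESOURCES if pattern == "*" or service.lower() == "gamelift" else []
    return sorted(a for a in names if fnmatch.fnmatchcase(a.lower(), name.lower()))

def lint(policy):
    """Return (statement index, action, resource) pairs the table does not support."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        for pattern, res in product(as_list(stmt["Action"]), as_list(stmt["Resource"])):
            for action in expand(pattern):
                allowed, rtype = ACTION_RESOURCES[action], arn_type(res)
                if res != "*" and (not allowed or (rtype and rtype not in allowed)):
                    findings.append((i, action, res))
    return findings

# Constructed sample policy; the account ID and resource IDs are placeholders.
ARN = "arn:aws:gamelift:us-west-2:111122223333:"
POLICY = {"Statement": [
    {"Effect": "Allow", "Resource": ARN + "fleet/fleet-EXAMPLE",
     "Action": ["gamelift:UpdateFleetCapacity", "gamelift:DescribeFleetAttributes"]},
    {"Effect": "Allow", "Action": "gamelift:Delete*", "Resource": ARN + "build/build-EXAMPLE"},
    {"Effect": "Allow", "Action": "gamelift:CreateGameSession", "Resource": "*"},
]}
```

`lint(POLICY)` reports `DescribeFleetAttributes` paired with a fleet ARN (the table lists no resource type for it) and `DeleteFleet`, pulled in by the `Delete*` wildcard, paired with a build ARN.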

Condition keys for Amazon GameLift

Amazon GameLift defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The condition keys table.

To view the global condition keys that are available to all services, see Available global condition keys.

| Condition keys | Description | Type |
|---|---|---|
| aws:RequestTag/${TagKey} | Filters actions based on the tags that are passed in the request | String |
| aws:ResourceTag/${TagKey} | Filters actions based on the tags associated with the resource | String |
| aws:TagKeys | Filters actions based on the tag keys that are passed in the request | String |