Security best practices for Amazon GameLift
If you're using Amazon GameLift FleetIQ as a standalone feature with Amazon EC2, see Security in Amazon EC2 in the Amazon EC2 User Guide.
Amazon GameLift provides a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don't represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions.
Don't open ports to the Internet
We strongly recommend against opening ports to the whole Internet, because doing so exposes every instance in the fleet to anyone who can reach it. For example, if you call UpdateFleetPortSettings to open the Remote Desktop port (RDP runs over TCP 3389) with a source range of 0.0.0.0/0, like this:
{
    "FleetId": "<fleet identifier>",
    "InboundPermissionAuthorizations": [
        {
            "FromPort": 3389,
            "IpRange": "0.0.0.0/0",
            "Protocol": "TCP",
            "ToPort": 3389
        }
    ]
}
then anyone on the Internet can reach the Remote Desktop service on every instance in the fleet. (Note that the IpPermission Protocol field accepts only TCP or UDP; the application protocol, such as RDP, is not a valid value.)
Instead, open the port only to a specific IP address or address range. For example, to allow a single administrator address:
{
    "FleetId": "<fleet identifier>",
    "InboundPermissionAuthorizations": [
        {
            "FromPort": 3389,
            "IpRange": "54.186.139.221/32",
            "Protocol": "TCP",
            "ToPort": 3389
        }
    ]
}
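The following script is an added example, not code from the Amazon GameLift documentation or SDK. It audits a fleet's inbound permissions (the list shape that DescribeFleetPortSettings returns as InboundPermissions) for management ports that are open to a wide source range, and builds the UpdateFleetPortSettings request that revokes each such rule and re-grants the same port and protocol to a single administrator range. The management port set (22 and 3389), the "/8 or broader counts as the Internet" threshold, the sample permission list, and the fleet ID are all assumptions made for the example; game-traffic ports are deliberately left alone, since players do connect from arbitrary addresses.

```python
"""Audit Amazon GameLift inbound port permissions and build the
UpdateFleetPortSettings payload that closes world-open management ports.
Added example; not part of the GameLift documentation or SDK."""
from __future__ import annotations

import ipaddress
import json

# Assumption: ports used for remote administration rather than game traffic.
# Extend with anything else you run on the instance (debug HTTP ports, etc.).
MANAGEMENT_PORTS = {22, 3389}

# Assumption: a source range of /8 or broader is treated as "anyone on the Internet".
WIDE_OPEN_MAX_PREFIXLEN = 8

# IpPermission.Protocol accepts only these values; "RDP" or "SSH" would be rejected.
VALID_PROTOCOLS = {"TCP", "UDP"}


def validate_permission(perm: dict) -> list[str]:
    """Return the problems found in one IpPermission entry (empty list if valid)."""
    problems: list[str] = []
    if perm.get("Protocol") not in VALID_PROTOCOLS:
        problems.append(f"Protocol must be TCP or UDP, got {perm.get('Protocol')!r}")
    try:
        ipaddress.ip_network(perm.get("IpRange", ""), strict=False)
    except ValueError:
        problems.append(f"IpRange is not a valid CIDR: {perm.get('IpRange')!r}")
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if not (isinstance(lo, int) and isinstance(hi, int) and 1 <= lo <= hi <= 65535):
        problems.append(f"bad port range {lo!r}-{hi!r}")
    return problems


def is_wide_open(ip_range: str) -> bool:
    """True when the CIDR admits so many sources that it amounts to 'anyone'."""
    return ipaddress.ip_network(ip_range, strict=False).prefixlen <= WIDE_OPEN_MAX_PREFIXLEN


def covers_management_port(perm: dict) -> bool:
    """True if the rule's port range includes any administration port."""
    return any(perm["FromPort"] <= port <= perm["ToPort"] for port in MANAGEMENT_PORTS)


def find_risky_permissions(permissions: list[dict]) -> list[dict]:
    """Rules that expose a management port to a wide-open source range.

    Raises ValueError if any entry is malformed, so a typo such as
    "Protocol": "RDP" is surfaced instead of silently skipped."""
    for perm in permissions:
        problems = validate_permission(perm)
        if problems:
            raise ValueError(f"malformed permission {perm}: {'; '.join(problems)}")
    return [p for p in permissions
            if is_wide_open(p["IpRange"]) and covers_management_port(p)]


def build_lockdown_request(fleet_id: str, risky: list[dict], allowed_cidr: str) -> dict:
    """UpdateFleetPortSettings payload that revokes each risky rule and re-grants
    the same ports and protocol to allowed_cidr only.

    Revocation entries must match the existing rule field for field, so the
    original dicts are copied unchanged."""
    if is_wide_open(allowed_cidr):
        raise ValueError(f"replacement range {allowed_cidr} is itself wide open")
    return {
        "FleetId": fleet_id,
        "InboundPermissionRevocations": [dict(p) for p in risky],
        "InboundPermissionAuthorizations": [{**p, "IpRange": allowed_cidr} for p in risky],
    }


# Constructed sample of what DescribeFleetPortSettings might return as InboundPermissions.
SAMPLE_PERMISSIONS = [
    {"FromPort": 33430, "ToPort": 33440, "IpRange": "0.0.0.0/0", "Protocol": "UDP"},  # player traffic
    {"FromPort": 3389, "ToPort": 3389, "IpRange": "0.0.0.0/0", "Protocol": "TCP"},    # RDP to the world
    {"FromPort": 22, "ToPort": 22, "IpRange": "203.0.113.0/24", "Protocol": "TCP"},   # SSH from one /24
]

if __name__ == "__main__":
    risky = find_risky_permissions(SAMPLE_PERMISSIONS)
    # "fleet-example" is a placeholder, not a real fleet ID.
    request = build_lockdown_request("fleet-example", risky, "54.186.139.221/32")
    print(json.dumps(request, indent=4))
```

The printed request can be handed to the CLI as `aws gamelift update-fleet-port-settings --cli-input-json file://request.json`, or unpacked into the boto3 call `client.update_fleet_port_settings(**request)`. Run it against the live output of DescribeFleetPortSettings rather than the constructed sample, and review the flagged list before applying it: the rule for the player UDP range is left untouched on purpose, since restricting it would cut off legitimate players.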
Learn more
For more information about how you can make your use of Amazon GameLift more secure, see the AWS Well-Architected Tool Security pillar.