If you're using Amazon GameLift Servers FleetIQ as a standalone feature with Amazon EC2, see Security in Amazon EC2 in the Amazon EC2 User Guide.
Amazon GameLift Servers provides a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don't represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions.
Don't open ports to the Internet
We strongly recommend against opening ports to the Internet because doing so poses a security risk. For example, if you use UpdateFleetPortSettings to open a remote desktop port like this:
{
"FleetId": "<fleet identifier>",
"InboundPermissionAuthorizations": [
{
"FromPort": 3389,
"IpRange": "0.0.0.0/0",
"Protocol": "RDP",
"ToPort": 3389
}
]
}
then you are allowing anyone on the Internet to access the instance.
Instead, open the port with a specific IP address or range of addresses. For example, like this:
{
"FleetId": "<fleet identifier>",
"InboundPermissionAuthorizations": [
{
"FromPort": 3389,
"IpRange": "54.186.139.221/32",
"Protocol": "TCP",
"ToPort": 3389
}
]
}
Learn more
For more information about how you can make your use of Amazon GameLift Servers more secure, see the AWS Well-Architected Tool Security
pillar.
