Configuration and vulnerability analysis in Amazon GameLift - Amazon GameLift

Configuration and vulnerability analysis in Amazon GameLift

If you're using Amazon GameLift FleetIQ as a standalone feature with Amazon EC2, see Security in Amazon EC2 in the Amazon EC2 User Guide.

Configuration and IT controls are a shared responsibility between AWS and you, our customer. For more information, see the AWS shared responsibility model. AWS handles basic security tasks like guest operating system (OS) and database patching, firewall configuration, and disaster recovery. These procedures have been reviewed and certified by the appropriate third parties. For more details, see the following resource: Amazon Web Services: Overview of security processes (whitepaper).

The following security best practices also address configuration and vulnerability analysis in Amazon GameLift:

  • Customers are responsible for the management of software that is deployed to Amazon GameLift instances for game hosting. Specifically:

    • Customer-provided game server application software should be maintained, including updates and security patches. To update game server software, upload a new build to Amazon GameLift, create a new fleet for it, and redirect traffic to the new fleet.

    • The base Amazon Machine Image (AMI), which includes the operating system, is updated only when a new fleet is created. To patch, update, and secure the operating system and other applications that are part of the AMI, recycle fleets on a regular basis, regardless of game server updates.

  • Customers should consider regularly updating their games with the latest SDK versions, including the AWS SDK, the Amazon GameLift Server SDK, and the Amazon GameLift Client SDK for Realtime Servers.