Configuration and vulnerability analysis in Amazon GameLift Servers - Amazon GameLift Servers

Configuration and vulnerability analysis in Amazon GameLift Servers

If you're using Amazon GameLift ServersĀ FleetIQ as a standalone feature with Amazon EC2, see Security in Amazon EC2 in the Amazon EC2 User Guide.

Configuration and IT controls are a shared responsibility between AWS and you, our customer. For more information, see the AWS shared responsibility model. AWS handles basic security tasks like guest operating system (OS) and database patching, firewall configuration, and disaster recovery. These procedures have been reviewed and certified by the appropriate third parties. For more details, see the following resource: Amazon Web Services: Overview of security processes (whitepaper).

The following security best practices also address configuration and vulnerability analysis in Amazon GameLift Servers:

  • Customers are responsible for the management of software that is deployed to Amazon GameLift Servers instances for game hosting. Specifically:

    • Customer-provided game server application software should be maintained, including updates and security patches. To update game server software, upload a new build to Amazon GameLift Servers or provide it in a new container image, create a new fleet for it, and redirect traffic to the new fleet.

    • The base Amazon Machine Image (AMI), which includes the operating system, is updated only when a new fleet is created. To patch, update, and secure the operating system and other applications that are part of the AMI, replace fleets on a regular basis, regardless of game server updates. At minimum, production fleets should be replaced at least once a year. See Keep fleet runtime environments up to date for more details.

  • Customers should consider regularly updating their games with the latest SDK versions, including the AWS SDK, the Amazon GameLift Servers Server SDK, and the Amazon GameLift Servers Client SDK for Realtime Servers.