Setting Fiesta IAM

Setting up IAM to use Fiesta

To use FleetIQ as a standalone feature, you need to set up restricted permissions for EC2 instances and Auto Scaling.

  1. Log in to the IAM console. (https://console.aws.amazon.com/iam)

  2. Click “Create Policy” in the IAM policy menu.

  3. Create the policy and enter its JSON document.

The policy document is configured as shown below. You can paste this JSON as is.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:TerminateInstances",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/GameLift": "GameServerGroups"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:CompleteLifecycleAction",
                "autoscaling:ResumeProcesses",
                "autoscaling:EnterStandby",
                "autoscaling:SetInstanceProtection",
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:SuspendProcesses",
                "autoscaling:DetachInstances"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/GameLift": "GameServerGroups"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "autoscaling:DescribeAutoScalingGroups",
                "ec2:DescribeLaunchTemplateVersions"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": [
                "arn:aws:sns:*:*:ActivatingLifecycleHookTopic-*",
                "arn:aws:sns:*:*:TerminatingLifecycleHookTopic-*"
            ]
        }
    ]
}
  4. Name the policy FleetIQFiestaPolicy.

  5. Next, create an IAM role that uses this policy. Create the role with the EC2 use case.

  6. Attach the FleetIQFiestaPolicy created above as the role's permissions policy.

  7. Edit the role's trust relationship. It is currently configured with EC2 as the trusted entity.

  8. Edit the trust relationship as shown below.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "gamelift.amazonaws.com",
                    "autoscaling.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
  • The policy document above means that GameLift and Auto Scaling can assume this role.
  9. Once you have finished creating the IAM policy and role for Fiesta, move on to configuring the server instances for FleetIQ.
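
The permissions policy and trust policy above can be checked offline before they are pasted into the console. The following is an added example, not part of the original page: it flags mutating actions left on Resource "*" without a condition, and any trust principal other than the two services named above. The function names, the abridged policy copy and the "non-Describe means mutating" heuristic are assumptions of this example.

```python
import json

# Permissions policy from this page, abridged to one or two actions per statement.
FIESTA_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*",
   "Condition": {"StringEquals": {"ec2:ResourceTag/GameLift": "GameServerGroups"}}},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["autoscaling:UpdateAutoScalingGroup", "autoscaling:DetachInstances"],
   "Condition": {"StringEquals": {"aws:ResourceTag/GameLift": "GameServerGroups"}}},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups"]},
  {"Effect": "Allow", "Action": "sns:Publish",
   "Resource": ["arn:aws:sns:*:*:TerminatingLifecycleHookTopic-*"]}
]}""")
# Trust policy from this page.
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"Service": ["gamelift.amazonaws.com", "autoscaling.amazonaws.com"]}}
]}""")
EXPECTED_SERVICES = {"gamelift.amazonaws.com", "autoscaling.amazonaws.com"}

def as_list(value):  # IAM accepts a single value where a list is allowed
    return list(value) if isinstance(value, (list, tuple)) else [value]

def unscoped_write_actions(policy):
    """Allowed non-Describe actions on Resource "*" with no Condition (heuristic)."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and "*" in as_list(stmt.get("Resource", []))):
            findings += [a for a in as_list(stmt["Action"])
                         if not a.split(":", 1)[-1].startswith("Describe")]
    return findings

def unexpected_trust_principals(trust):
    """Principals allowed to assume the role other than the two expected services."""
    found = set()
    for stmt in as_list(trust["Statement"]):
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            found.update(v for v in as_list(values)
                         if kind != "Service" or v not in EXPECTED_SERVICES)
    return sorted(found)

if __name__ == "__main__":
    print(unscoped_write_actions(FIESTA_POLICY), unexpected_trust_principals(TRUST_POLICY))
```

Both lists are empty for the documents on this page; a non-empty result names the action or principal to review.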