AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-03-10 · Documentation low

File: wellarchitected/latest/games-industry-lens/games-sec-bp-iam.md

Summary

Updated references from 'Amazon GameLift' to 'Amazon GameLift Servers' in documentation links and text

Security assessment

Changes only modify product name references without introducing new security content or addressing vulnerabilities. The security practices described (Cognito credentials, session validation) remain unchanged.

Diff

diff --git a/wellarchitected/latest/games-industry-lens/games-sec-bp-iam.md
index f756fe76a..7f0232966 100644
--- a/wellarchitected/latest/games-industry-lens/games-sec-bp-iam.md
+++ b/wellarchitected/latest/games-industry-lens/games-sec-bp-iam.md
@@ -28 +28 @@ You should provide an authentication service for players to login, which should
-If your game supports anonymous access and you cannot authenticate a player, you can use a client authentication approach to provide a secure experience when integrating with your game backend. If your game client uses AWS services, then requests to these services must be signed using credentials. To provide credentials to your game client for unauthenticated users, you can use the AWS SDK to retrieve short-lived credentials from [Amazon Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) that can be used to sign your requests to AWS services. These credentials can be refreshed from your game client. In addition to directly integrating with the AWS SDK from the game client, you can also build your own game backend, using a service such as Amazon API Gateway, which supports custom authorization. By designing your own game backend service, you can gain authoritative control over all requests with custom server-side logic. For more information on building a backend service for games hosted using Amazon GameLift, refer to [Design your backend service](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift_quickstart_customservers_designbackend.html).
+If your game supports anonymous access and you cannot authenticate a player, you can use a client authentication approach to provide a secure experience when integrating with your game backend. If your game client uses AWS services, then requests to these services must be signed using credentials. To provide credentials to your game client for unauthenticated users, you can use the AWS SDK to retrieve short-lived credentials from [Amazon Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) that can be used to sign your requests to AWS services. These credentials can be refreshed from your game client. In addition to directly integrating with the AWS SDK from the game client, you can also build your own game backend, using a service such as Amazon API Gateway, which supports custom authorization. By designing your own game backend service, you can gain authoritative control over all requests with custom server-side logic. For more information on building a backend service for games hosted using Amazon GameLift Servers, refer to [Design your backend service](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift_quickstart_customservers_designbackend.html).
@@ -34 +34 @@ Typically, in multiplayer games, a player will join a game session by selecting
-For example, in a session-based multiplayer game, a request from a player to join a game session should be validated by your game server software with your game backend matchmaking service before authorizing their connection to the server. When a player requests to join a game session, the game server should check the request for a unique identifier, such as a player session ID and server-generated ticket that was previously provided to the game client by your game backend matchmaking service. Upon initiating the connection to the game server, your server-side software can use this information to verify with the matchmaking service that the player's connection request is valid, and ensure that the player is not joining a spot previously reserved in the game session for another player. For games hosted using Amazon GameLift, refer to the [Amazon GameLift documentation](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-api.html#gamelift-sdk-server-validateplayer) for an example of how this type of server-side validation can be implemented.
+For example, in a session-based multiplayer game, a request from a player to join a game session should be validated by your game server software with your game backend matchmaking service before authorizing their connection to the server. When a player requests to join a game session, the game server should check the request for a unique identifier, such as a player session ID and server-generated ticket that was previously provided to the game client by your game backend matchmaking service. Upon initiating the connection to the game server, your server-side software can use this information to verify with the matchmaking service that the player's connection request is valid, and ensure that the player is not joining a spot previously reserved in the game session for another player. For games hosted using Amazon GameLift Servers, refer to the [Amazon GameLift Servers documentation](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-api.html#gamelift-sdk-server-validateplayer) for an example of how this type of server-side validation can be implemented.