AWS gameliftservers medium security documentation change
Summary
Added TLS certificate lifetime restrictions and rotation requirements to meet CA compliance
Security assessment
The changes address security compliance by enforcing shorter TLS certificate lifespans (down to 47 days by 2029) to mitigate risks associated with long-lived certificates. This directly responds to industry-wide security best practices for certificate management.
Diff
diff --git a/gameliftservers/latest/developerguide/data-protection.md b/gameliftservers/latest/developerguide/data-protection.md index e63965c40..3b16e25a0 100644 --- a//gameliftservers/latest/developerguide/data-protection.md +++ b//gameliftservers/latest/developerguide/data-protection.md @@ -69,0 +70,2 @@ Direct communication between game clients and game servers is as follows: + * Certificates for TLS-enabled fleets are created at the same time as the fleet, and their expiration dates are based on the fleet creation date. + @@ -74,0 +77,17 @@ Direct communication between game clients and game servers is as follows: +###### Note + +To meet Certificate Authority requirements for TLS certificates, Amazon GameLift Servers will adjust the maximum certificate lifetimes for fleets configured to generate a certificate. Certificate lifetimes begin on fleet creation and will be changed on the following schedule: + + * Until March 11, 2026, the maximum lifetime for a TLS certificate issued is 398 days. + + * As of March 1, 2026, the maximum lifetime for a TLS certificate issued will be 200 days. + + * As of March 1, 2027, the maximum lifetime for a TLS certificate issued will be 100 days. + + * As of March 1, 2029, the maximum lifetime for a TLS certificate issued will be 47 days. + + + + +To ensure that your certificates are renewed, and to maintain up-to-date game server runtime environments, Amazon GameLift Servers recommends regularly replacing your game server fleets. +