AWS gameliftservers documentation change
Summary
Added new section 'IAM permissions for VPC peering' listing required EC2 permissions
Security assessment
Documents required IAM permissions for secure VPC peering operations, helping prevent misconfigurations, but doesn't address a specific security vulnerability.
Diff
diff --git a/gameliftservers/latest/developerguide/vpc-peering.md b/gameliftservers/latest/developerguide/vpc-peering.md index 0b5ac515e..0be10424e 100644 --- a//gameliftservers/latest/developerguide/vpc-peering.md +++ b//gameliftservers/latest/developerguide/vpc-peering.md @@ -7 +7 @@ -To set up VPC peering for an existing fleetTo set up VPC peering with a new fleetTroubleshooting VPC peering issues +IAM permissions for VPC peeringTo set up VPC peering for an existing fleetTo set up VPC peering with a new fleetTroubleshooting VPC peering issues @@ -18,0 +19,19 @@ If you're already familiar with Amazon VPCs and VPC peering, understand that set +## IAM permissions for VPC peering + +Amazon GameLift Servers uses the caller's credentials to update peer-VPC resources. The IAM user that calls `CreateVpcPeeringAuthorization` or `CreateVpcPeeringConnection` must have the following Amazon EC2 permissions enabled: + + * `ec2:AcceptVpcPeeringConnection` + + * `ec2:AuthorizeSecurityGroupEgress` + + * `ec2:AuthorizeSecurityGroupIngress` + + * `ec2:CreateRoute` + + * `ec2:DescribeRouteTables` + + * `ec2:DescribeSecurityGroups` + + + +