Steps to connect GameLift fleets and user-managed VPCs with VPC peering
Introducing the settings for making a private connection from a GameLift fleet to a user-managed VPC.
overview
GameLift fleets can set up VPC peering to access user-managed VPCs.
However, as of July 2024, settings cannot be configured from the management console and must be configured using the AWS CLI.
https://docs.aws.amazon.com/gamelift/latest/developerguide/vpc-peering.html
Run the following command to configure VPC peering for your GameLift fleet:
# Authorize VPC peering
aws gamelift create-vpc-peering-authorization --game-lift-aws-account-id <AWS account ID with GameLift fleet> --peer-vpc-id <VPC peering destination VPC ID>
# Verifying VPC peering authorization
aws gamelift describe-vpc-peering-authorizations
# Creating VPC peering
aws gamelift create-vpc-peering-connection --fleet-id <ID of the GameLift fleet with VPC peering> --peer-vpc-aws-account-id <AWS account ID that owns the VPC to which you are VPC peering> --peer-vpc-id <VPC peering destination VPC ID>
# Verifying that the VPC peering was created
aws gamelift describe-vpc-peering-connections
Let's look at each command one by one.
setting
create-vpc-peering-authorization
The "create-vpc-peering-authorization" command pre-authorizes future requests to GameLift to peer the VPC containing your game server with the VPC for non-GameLift resources.
When you run the command, it will look like this:
[cloudshell-user@ip-10-130-61-178 ~]$ aws gamelift create-vpc-peering-authorization --game-lift-aws-account-id 123456789012 --peer-vpc-id vpc-yyyyyyyyyyy
{
"VpcPeeringAuthorization": {
"GameLiftAwsAccountId": "123456789012",
"PeerVpcAwsAccountId": "123456789012",
"PeerVpcId": "vpc-yyyyyyyyyyy",
"CreationTime": "2024-07-23T08:48:19.359000+00:00",
"ExpirationTime": "2024-07-24T08:48:19+00:00"
}
}
describe-vpc-peering-authorizations
You can check the VPC peering authorization details using the "describe-vpc-peering-authorizations" command.
When you run the command, it will look like this:
[cloudshell-user@ip-10-130-61-178 ~]$ aws gamelift describe-vpc-peering-authorizations
{
"VpcPeeringAuthorizations": [
{
"GameLiftAwsAccountId": "123456789012",
"PeerVpcAwsAccountId": "123456789012",
"PeerVpcId": "vpc-yyyyyyyyyyy",
"CreationTime": "2024-07-23T08:48:19.359000+00:00",
"ExpirationTime": "2024-07-24T08:48:19+00:00"
}
]
}
create-vpc-peering-connection
Run the "create-vpc-peering-connection" command to create a VPC peering.
When you run the command, it will look like this:
Even if the command is executed successfully, no response is returned.
[cloudshell-user@ip-10-130-61-178 ~]$ aws gamelift create-vpc-peering-connection --fleet-id fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy --peer-vpc-aws-account-id 123456789012 --peer-vpc-id vpc-yyyyyyyyyyy
describe-vpc-peering-connections
You can check whether the VPC peering was created successfully by running "describe-vpc-peering-connections".
If the VPC peering creation is successful, the status will be active as shown below.
[cloudshell-user@ip-10-132-70-255 ~]$ aws gamelift describe-vpc-peering-connections
{
"VpcPeeringConnections": [
{
"FleetId": "fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"FleetArn": "arn:aws:gamelift:ap-northeast-1:123456789012:fleet/fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"IpV4CidrBlock": "10.54.192.0/18",
"VpcPeeringConnectionId": "pcx-111111111111",
"Status": {
"Code": "active",
"Message": "Active"
},
"PeerVpcId": "vpc-yyyyyyyyyyy",
"GameLiftVpcId": "vpc-gggggggggggg"
}
]
}
If VPC peering creation fails, the status will be failed as shown below.
[cloudshell-user@ip-10-132-70-255 ~]$ aws gamelift describe-vpc-peering-connections
{
"VpcPeeringConnections": [
{
"FleetId": "fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"FleetArn": "arn:aws:gamelift:ap-northeast-1:123456789012:fleet/fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"VpcPeeringConnectionId": "pcx-111111111111",
"Status": {
"Code": "failed",
"Message": "Failed due to incorrect VPC-ID, Account ID, or overlapping CIDR range"
},
"PeerVpcId": "vpc-yyyyyyyyyyy",
"GameLiftVpcId": "vpc-gggggggggggg"
}
]
}
Items to check when setting up VPC peering
When connecting a GameLift fleet and VPC peering, the GameLift fleet and VPC must be located in the same region.
https://docs.aws.amazon.com/gamelift/latest/developerguide/vpc-peering.html#vpc-peering-existing
When setting up a peering, both VPCs must exist in the same region. The VPC for your Amazon GameLift fleet game servers is in the same region as the fleet.
In rare cases, when setting up VPC peering with a GameLift fleet, the CIDR ranges may overlap.
If the CIDR ranges overlap, you can avoid the problem by recreating the GameLift fleet to create a different CIDR.
If the CIDR ranges overlap, you can see the message below.
[cloudshell-user@ip-10-132-70-255 ~]$ aws gamelift describe-vpc-peering-connections
{
"VpcPeeringConnections": [
{
"FleetId": "fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"FleetArn": "arn:aws:gamelift:ap-northeast-1:123456789012:fleet/fleet-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
"VpcPeeringConnectionId": "pcx-111111111111",
"Status": {
"Code": "failed",
"Message": "Failed due to incorrect VPC-ID, Account ID, or overlapping CIDR range"
},
"PeerVpcId": "vpc-yyyyyyyyyyy",
"GameLiftVpcId": "vpc-gggggggggggg"
}
]
}
関連するコンテンツ
- 質問済み 8年前lg...
- AWS公式更新しました 3年前
- AWS公式更新しました 1年前
- AWS公式更新しました 2年前