Appearance
Interacting with AWS
This guide walks you through the steps to obtain AWS credentials with limited scopes to interact with a selection of essential AWS resources for advanced usage.
Skip to content
Target Audience
This page is primarily intended for users on Pre-Launch or Production plans. If you are on a Private Cloud plan, please visit the Introduction to Metaplay Cloud Infrastructure section for more details.
Overview
Although Metaplay Cloud is a fully managed cloud platform, in rare cases, you might still want to have direct control over certain cloud resources. Metaplay provides you with limited access to a selection of cloud resources by offering tailored credentials.
Dependencies
- Project and Environment - You need to have an existing project and cloud environment. You can create these in the Metaplay Portal.
- Metaplay CLI - You need to have the Metaplay CLI installed.
Get Kubernetes Credentials
To access the Kubernetes cluster directly, you need a kubeconfig.yaml file. You can generate the file with:
bash
export KUBECONFIG=/path/to/my-kubeconfig
metaplay get kubeconfig lovely-wombats-build-quickly --output $KUBECONFIGWith a valid kubeconfig.yaml, you can access Kubernetes resources associated with your environment directly:
Kubernetes Namespace
The namespace will be automatically resolved with a tailored kubeconfig.yaml, therefore you don't need to specify a namespace in kubectl commands.
bash
# List the server pods
kubectl get pods -l app=metaplay-server
# Get logs for a pod (-f to follow)
kubectl logs <pod-name> -f
# List Helm deployments, i.e., the game server and possibly load tests
helm lsMetaplay CLI and AWS
As a game server administrator, you may sometimes need to access various underlying AWS resources that the game server relies on. These can include things like the S3 object storage bucket to manage files that the game server might be interacting with, the CloudFront content delivery network distribution when you want to invalidate certain cached objects, and so on.
To get the AWS credentials to access the resources directly:
bash
metaplay get aws-credentials lovely-wombats-build-quicklyThe aws tool allows you to define profiles. The configuration structure of the profiles is flexible and allows you to obtain the credentials from another external process, that in this case can be metaplay, which produces ephemeral AWS credentials in a format that aws accepts.
In the aws config file (typically under ~/.aws/config). Here's how we could define a profile for the game server lovely-wombats-build-quickly following the prior example:
~/.aws/config
toml
[profile lovely-wombats-build-quickly-admin]
# For Posix (Mac, Linux, etc)
credential_process = metaplay get aws-credentials lovely-wombats-build-quickly --format=json
# For Windows
credential_process = cmd /C metaplay get aws-credentials lovely-wombats-build-quickly --format=jsonAfter this, we can ensure that we are logged in with metaplay auth login and just use the regular methods for setting a profile for the aws tool (for example, --profile switches or the AWS_PROFILE environment variable):
bash
$ metaplay auth login
$ aws sts get-caller-identity --profile lovely-wombats-build-quickly-admin
{
"UserId": "AXXXXXXXXXXXXXXXXXXXX:stackapi",
"Account": "000000000000",
"Arn": "arn:aws:sts::000000000000:assumed-role/metaplay-p1-lovely-wombats-build-quickly-gameserver-admin/stackapi"
}