Setting up Amazon Web Service

To use the Defold Live update feature together with Amazon services you need an Amazon Web Services account. If you don’t already have an account you can create one here https://aws.amazon.com/.

This section will explain how to create a new user with limited access on Amazon Web Services that can be used together with the Defold editor to automatically upload Live update resources when you bundle your game, as well as how to configure Amazon S3 to allow game clients to retrieve resources. For additional information about how you can configure Amazon S3, please see the Amazon S3 documentation.

1. Create a bucket for Live update resources

   Open up the Services menu and select S3 which is located under the Storage category (Amazon S3 Console). You will see all your existing buckets together with the option to create a new bucket. Though it is possible to use an existing bucket, we recommend that you create a new bucket for Live update resources so that you can easily restrict access.

   

2. Add a bucket policy to your bucket

   Select the bucket you wish to use, open the Properties panel and expand the Permissions option within the panel. Open up the bucket policy by clicking on the Add bucket policy button. The bucket policy in this example will allow an anonymous user to retrieve files from the bucket, which will allow a game client to download the Live update resources that are required by the game. For additional information about bucket policies, please see the Amazon documentation.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AddPerm",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::defold-liveupdate-example/*"
            }
        ]
    }
   

   

3. Add a CORS configuration to your bucket (Optional)

   Cross-Origin Resource Sharing (CORS) is a mechanism that allows a website to retrieve a resource from a different domain using JavaScript. If you intend to publish your game as an HTML5 client, you will need to add a CORS configuration to your bucket.

   Select the bucket you wish to use, open the Properties panel and expand the Permissions option within the panel. Open up the bucket policy by clicking on the Add CORS Configuration button. The configuration in this example will allow access from any website by specifying a wildcard domain, though it is possible to restrict this access further if you know on which domains you will make you game available. For additional information about Amazon CORS configuration, please see the Amazon documentation.

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <CORSRule>
            <AllowedOrigin>*</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
        </CORSRule>
    </CORSConfiguration>
   

   

4. Create IAM policy

   Open up the Services menu and select IAM which is located under the Security, Identity & Compliance category (Amazon IAM Console). Select Policies in the menu to the left and you will see all your existing policies together with the option to create a new policy.

   Click the button Create Policy, and then choose to Create Your Own Policy. The policy in this example will allow a user to list all buckets, which is only required when configuring a Defold project for Live update. It will also allow the user to get the Access Control List (ACL) and upload resources to the specific bucket used for Live update resources. For additional information about Amazon Identity and Access Management (IAM), please see the Amazon documentation.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketAcl"
                ],
                "Resource": "arn:aws:s3:::defold-liveupdate-example"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::defold-liveupdate-example/*"
            }
        ]
    }
   

   

5. Create a user for programmatic access

   Open up the Services menu and select IAM which is located under the Security, Identity & Compliance category (Amazon IAM Console). Select Users in the menu to the left and you will see all your existing users together with the option to add a new user. Though it is possible to use an existing user, we recommend that you add a new user for Live update resources so that you can easily restrict access.

   Click the button Add User, provide a username and choose Programmatic access as Access type, then press Next: Permissions. Select Attach existing policies directly and choose the policy you created in step 4.

   When you’ve completed the process you will be provided with an Access key ID and a Secret access key.

   It is very important that you store those keys since you will not be able to retrieve them from Amazon after you leave the page.

6. Create a credentials profile file

   At this point you should have created a bucket, configured a bucket policy, added a CORS configuration, created a user policy and created a new user. The only thing that remains is to create a credentials profile file so that the Defold editor can access the bucket on your behalf.

   Create a new directory .aws in your home folder, and create a file called credentials within the new directory.

    $ mkdir ~/.aws
    $ touch ~/.aws/credentials
   

   The file ~/.aws/credentials will contain your credentials to access Amazon Web Services through programmatic access and is a standardised way to manage AWS credentials. Open the file in a text editor and enter your Access key ID and Secret access key in the format shown below.

    [defold-liveupdate-example]
    aws_access_key_id = <Access key ID>
    aws_secret_access_key = <Secret access key>
   

   The identifier specified within the brackets, in this example defold-liveupdate-example, is the same identifier that you should provide when configuring your project’s Live update settings in the Defold editor.