Skip to content

Unity Licensing Server Module

The Unity Licensing Server is an application that manages a pool of floating licenses for the Unity Editor within an organization. It functions as a centralized system, allowing administrators to assign and track Unity Editor licenses to users, providing greater control and flexibility compared to node-locked or named-user licenses. The server uses an HTTP or HTTPS connection to communicate with the Unity Licensing Client on user machines and offers a dashboard for administrators to monitor license usage and server health. The Unity Licensing Client is included with the Unity Editor (2019.4 or later) and the Unity Hub (3.1 or later). Floating licensing is available exclusively for Enterprise plans subscribers.

While the Unity Licensing Server deployment has been simplified and streamlined in this module, it remains a multi-step process requiring manual intervention. A local zip file of the Unity Licensing Server is required when configuring and running the module. It can be downloaded from the Organizations section in the Unity ID portal. For simplicity and cost optimization, this module requires the Linux version of the executable.

The deployment uses an Amazon EC2 instance to run the Unity Licensing Server. An Amazon Elastic Network Interface (ENI) is attached to the instance to provide a static private (and public if configured) IP to separate network settings from the compute instance, as the Unity Licensing Server binds the license to the machine's identity, which includes the following information:

  • The server's MAC address
  • The server's operating system
  • The number of processor cores on the server
  • The name of the server

Note that if the Licensing Server needs to be hosted by a new machine, a support ticket will need to be submitted to Unity Support to revoke the Licensing Server so a new one can be configured.

The Licensing Server provides an admin dashboard. The username is admin and cannot be changed. The password is generated securely by the module and stored in AWS Secrets Manager.

An Amazon S3 bucket is created and mounted to the instance. This bucket will be used to provide the user with files created by the Unity Licensing Server, as well as to provide files to the Licensing Server that will need to be imported in later steps.

Upon deployment, two created files will be copied to the S3 bucket:

  • The server registration request file server-registration-request.xml, which contains machine binding information from the server.
  • The services configuration file services-config.json, which must be deployed to all client computers intending to use the Licensing Server.

  • Note that this file must be placed in the following location:

    OS Path
    Windows %PROGRAMDATA%\Unity\config\
    Linux /usr/share/unity3d/config/
    Mac /Library/Application Support/Unity/config/

The server-registration-request.xml will need to be uploaded to the Unity ID portal (where the Licensing Server executable was downloaded from) to register the server. Once successful, download the licenses zip file. Without renaming the file, upload it to the S3 bucket. A background process will detect the uploaded licenses file, and import them into the Unity Licensing Server, finishing the process.

Deployment Architectures

Simple Unity Licensing Server Architecture Simple architecture where clients connect directly to an EC2 instance in a public (or private) subnet through a primary ENI with static public/private IPs. The EC2 instance hosts the Unity Licensing Server and connects to AWS Secrets Manager and Amazon S3 (mounted via s3fs).

Enhanced Unity Licensing Server Architecture Architecture providing enhanced security through network isolation where client traffic is routed through Amazon Route 53 to an Application Load Balancer before reaching the Unity Licensing Server.

Examples

For example configurations, please see the examples.

Requirements

Name Version
terraform >= 1.9
aws ~> 6.0
awscc ~> 1.51
local ~> 2.4
null ~> 3.2
random ~> 3.7

Providers

Name Version
aws ~> 6.0
awscc ~> 1.51
local ~> 2.4
null ~> 3.2
random ~> 3.7

Modules

No modules.

Resources

Name Type
aws_eip.unity_license_server_eip resource
aws_iam_instance_profile.ec2_profile resource
aws_iam_role.ec2_access_role resource
aws_iam_role_policy.access_policy resource
aws_iam_role_policy_attachment.ssm_policy resource
aws_instance.unity_license_server resource
aws_lb.unity_license_server_alb resource
aws_lb_listener.unity_license_server_https_dashboard_listener resource
aws_lb_listener.unity_license_server_https_dashboard_redirect resource
aws_lb_target_group.unity_license_server_tg resource
aws_lb_target_group_attachment.unity_license_server resource
aws_network_interface.unity_license_server_eni resource
aws_s3_bucket.alb_access_logs_bucket resource
aws_s3_bucket.unity_license_server_bucket resource
aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration resource
aws_s3_bucket_policy.lb_access_logs_bucket_policy resource
aws_s3_bucket_public_access_block.access_logs_bucket_public_block resource
aws_s3_bucket_public_access_block.block_public_access resource
aws_s3_bucket_server_side_encryption_configuration.bucket_encryption resource
aws_s3_object.unity_license_file resource
aws_security_group.unity_license_server_alb_sg resource
aws_security_group.unity_license_server_sg resource
aws_vpc_security_group_egress_rule.unity_license_server_alb_egress_service_8080 resource
aws_vpc_security_group_egress_rule.unity_license_server_egress_all resource
aws_vpc_security_group_ingress_rule.unity_license_server_ingress_from_alb_8080 resource
awscc_secretsmanager_secret.admin_password_arn resource
null_resource.generate_presigned_urls resource
null_resource.wait_for_user_data resource
random_string.alb_access_logs_bucket_suffix resource
aws_ami.ubuntu_latest data source
aws_elb_service_account.main data source
aws_iam_policy_document.access_logs_bucket_alb_write data source
aws_instance.unity_license_server data source
aws_network_interface.existing_eni data source
local_file.config_url data source
local_file.registration_url data source

Inputs

Name Description Type Default Required
unity_license_server_file_path Local path to the Linux version of the Unity Floating License Server zip file. string n/a yes
vpc_id The ID of the VPC in which the Unity Floating License Server will be deployed. string n/a yes
vpc_subnet The subnet where the EC2 instance running the Unity Floating License Server will be deployed. string n/a yes
add_eni_public_ip If true and "existing_eni_id" is not provided, an Elastic IP (EIP) will be created and associated with the newly created Elastic Network Interface (ENI) to be used with the Unity Floating License Server. If "existing_eni_id" is provided, this variable is ignored and no new EIP will be added to the provided ENI. bool true no
alb_access_logs_bucket ID of the S3 bucket for Application Load Balancer access log storage. If access logging is enabled and this is null the module creates a bucket. string null no
alb_access_logs_prefix Log prefix for Unity License Server Application Load Balancer access logs. If null the project prefix and module name are used. string null no
alb_certificate_arn The ARN of the SSL certificate to use for the Application Load Balancer. string null no
alb_is_internal Set this flag to determine whether the Application Load Balancer to create is internal (true) or external (false). Value is ignored if no ALB is created. bool false no
alb_subnets The subnets in which the Application Load Balancer will be deployed. list(string) [] no
create_alb Set this flag to true to create an Application Load Balancer for the Unity License Server dashboard. bool true no
enable_alb_access_logs Enables access logging for the Application Load Balancer used by Unity License Server. Defaults to true. bool true no
enable_alb_deletion_protection Enables deletion protection for the Application Load Balancer. Defaults to true. bool true no
enable_instance_detailed_monitoring Enables detailed monitoring for the instance by increasing the frequency of metric collection from 5-minute intervals to 1-minute intervals in CloudWatch to provide more granular data. Note this will result in increased cost. bool false no
enable_instance_termination_protection If true, enables EC2 instance termination protection from AWS APIs and console. bool true no
existing_eni_id ID of an existing Elastic Network Interface (ENI) to use for the EC2 instance running the Unity Floating License Server, as its registration will be binded to it. If not provided, a new ENI will be created. string null no
name The name applied to resources in the Unity Floating License Server module. string "unity-license-server" no
tags Tags to apply to resources created by this module. map(any) 
{
  "environment": "Dev",
  "iac-management": "CGD-Toolkit",
  "iac-module": "UnityFloatingLicenseServer",
  "iac-provider": "Terraform"
}
 no
unity_license_server_admin_password_arn ARN of the AWS Secrets Manager secret containing the Unity Floating License Server admin dashboard password. Password must be the only value and stored as text, not as key/value JSON. If not passed, one will be created randomly. Password must be between 8-12 characters. string null no
unity_license_server_bucket_name Name of the Unity Floating License Server-specific S3 bucket to create. string "unity-license-server-" no
unity_license_server_instance_ami_id The Ubuntu-based AMI ID to use in the EC2 instance running the Unity Floating License Server. Defaults to the latest Ubuntu Server 24.04 LTS AMI. string null no
unity_license_server_instance_ebs_size The size of the EBS volume in GB. string "20" no
unity_license_server_instance_type The instance type to use for the Unity Floating License Server. Defaults to t3.small. string "t3.small" no
unity_license_server_name Name of the Unity Floating License Server. string "UnityLicenseServer" no
unity_license_server_port Port the Unity Floating License Server will listen on (between 1025 and 65535). Defaults to 8080. string "8080" no

Outputs

Name Description
alb_dns_name DNS endpoint of Application Load Balancer (ALB).
alb_security_group_id ID of the Application Load Balancer's (ALB) security group.
alb_zone_id Zone ID for Application Load Balancer (ALB).
created_unity_license_server_security_group_id Id of the security group created by the script, for the Unity License Server instance. Null if an ENI was provided externally instead of created through the script.
dashboard_password_secret_arn ARN of the secret containing the dashboard password.
eni_id Elastic Network ID (ENI) used when binding the Unity Floating License Server.
instance_private_ip The EC2 instance's private IP address.
instance_public_ip The resulting EC2 instance's public IP, if configured.
registration_request_filename Filename for the server registration request file.
registration_request_presigned_url Presigned URL for downloading the server registration request file (valid for 1 hour).
services_config_filename Filename for the services config file.
services_config_presigned_url Presigned URL for downloading the services configuration file (valid for 1 hour).
unity_license_server_port Port the Unity Floating License Server will listen on.
unity_license_server_s3_bucket S3 bucket name used by the Unity License Server service.