AWS for Games Blog
6 lessons game developers can learn from Epic Games’ cloud governance strategy
This blog is co-written by Reza Nikoopour, Principal Engineer, Cloud Governance at Epic Games.
For game studios large and small, a smart cloud governance strategy can go a long way in reducing costs and increasing security for a live service game. Following are a few key learnings from Epic Games’ work with Amazon Web Services (AWS) that game developers should consider when developing a cloud governance strategy.
Since the launch of Fortnite in 2017, Epic’s player base has reached 500 million registered accounts. Fortnite was built on AWS, using services like Amazon Elastic Compute Cloud (Amazon EC2) for its backend infrastructure. Today, Epic continues to rely on AWS technologies to support its worldwide game server fleet.
With AWS, Epic can automatically scale compute capacity based on fluctuations in player demand as the game continues to grow.
“AWS was instrumental in providing us guidance as we navigated forming a cloud governance group at Epic. We’ve been able to reduce our cloud spend by about 20 percent, and have better resource visibility across the board.” – Shane Smith, VP of Technology Services at Epic Games.
This is thanks, in part, to an initiative that kicked off in 2022 to achieve cloud efficiency, not just proficiency, and digitally transform Epic’s backend to better support new evolutions of Fortnite.
- Establish guardrails
Game developers often dream of releasing a smash hit title, but popularity can be tough to predict. Effective strategies for tagging, permission management, and cloud resource governance often cannot be prioritized during ramp-up. Then, when a game quickly climbs the charts, a developer’s focus is almost entirely directed at maintaining the experience.
Cloud governance, however, is crucial as it provides a set of rules, processes, and reports that guide an organization’s best practices. Taking time to ensure visibility into cloud resources across the board and understanding a game’s critical paths can better position developers for long-term success.
- Tap into AWS expertise
In its quest to improve cloud governance, Epic formed a steering committee with internal technical leadership and representatives from its AWS account team. Early committee discussions included cloud maturity and best practices, and how AWS could help Epic be more operationally efficient. From there, Epic worked closely with AWS Professional Services and their AWS Customer Solutions Manager. They assembled a diverse group of cloud enthusiasts from across the company to create the Cloud Governance team, also known as a cloud center of excellence (CCoE).
- Understand ownership
To make meaningful changes, Epic needed a standard way to interface with engineers and developers working in AWS accounts to determine ownership. The Cloud Governance team identified a group of people responsible for each account and then created real-time communication channels to easily exchange information. This foundation enabled Epic to build and enforce additional controls across their cloud environment.
- Grant access
Epic’s Cloud Governance team focused on providing self-service access requests to AWS using a combination of GitHub, Okta, SailPoint, and AWS IAM Identity Center. GitHub holds the infrastructure as code that defines users’ AWS Identity and Access Management (IAM) roles and where they are deployed. AWS IAM Identity Center distributes the standard IAM roles across Epic’s AWS accounts. Okta provides identity and group memberships that control access to roles in accounts. SailPoint enables account managers to approve or deny access requests to their accounts.
- Automate configuration
After working out self-service access and permissions, Epic’s Cloud Governance team used AWS Step Functions to deploy the baseline configuration of every account in Epic’s environment. This ranges from deploying default constructs, like IAM roles, to cost-prevention measures, such as enabling log expirations for all AWS Lambda functions. It also includes security measures, like enabling Amazon Elastic Block Store (Amazon EBS) encryption by default in every region. By using AWS Step Functions and AWS Lambda, Epic can now focus on core configuration tasks without workflow orchestration concerns and be confident that every account is properly configured.
- Enforce standards
Before Epic’s Cloud Governance team could implement policies, they first had to establish the right mechanisms, so Epic partnered with a governance solution provider. Epic forwards events from all accounts using Amazon EventBridge into a single location to inspect and act on. As a result, the Cloud Governance team can enforce a minimum set of tags that provide ownership and cost attribution information.
Enforcement happens immediately: resources that are missing the required tags are automatically removed from Epic’s environment. The team set up similar enforcement mechanisms for Amazon Relational Database Service (Amazon RDS) and Amazon ElastiCache, requiring these services to run on cost-efficient AWS Graviton instance types, while allowing for exceptions by request. Whenever a resource is impacted by an automated policy, it triggers notifications to relevant stakeholders for visibility.
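The tag and Graviton checks described above, sketched as an added example (this is not Epic's or its governance provider's code). The tag keys, the normalized record shape, the `flag` action and the exception set are assumptions; the post names none of them.

```python
import re

# Assumed tag keys: the post says only that a minimum set of tags carries
# ownership and cost attribution information, not what the keys are.
REQUIRED_TAGS = ("owner", "cost-center")

# Current RDS and ElastiCache Graviton families carry a "g" right after the
# generation digit (m6g, r6gd, t4g); x86 families such as m5 or r6i do not.
GRAVITON_FAMILY = re.compile(r"^[a-z]+\d+g[a-z]*$")
GRAVITON_ONLY_SERVICES = {"rds", "elasticache"}


def is_graviton(instance_class):
    """True for classes like db.r6g.large or cache.t4g.micro."""
    parts = instance_class.split(".")
    return len(parts) == 3 and bool(GRAVITON_FAMILY.match(parts[1]))


def evaluate(resource, exceptions=frozenset()):
    """Return (action, findings) for one normalized resource record."""
    tags = resource.get("tags") or {}
    # A tag that is present but blank counts as missing.
    missing = [k for k in REQUIRED_TAGS if not str(tags.get(k, "")).strip()]
    findings = [f"missing tag: {k}" for k in missing]
    needs_graviton = (
        resource["service"] in GRAVITON_ONLY_SERVICES
        and resource["id"] not in exceptions  # exception granted by request
        and not is_graviton(resource.get("instance_class", ""))
    )
    if needs_graviton:
        findings.append(f"non-Graviton class: {resource.get('instance_class')}")
    # Missing tags lead to removal, as the post describes. What happens to a
    # non-Graviton database is not stated, so "flag" is an assumption here.
    action = "remove" if missing else "flag" if needs_graviton else "allow"
    return action, findings


# Constructed sample records (not real resources or real event payloads).
SAMPLES = [
    {"id": "db-1", "service": "rds", "instance_class": "db.r6g.large",
     "tags": {"owner": "team-a", "cost-center": "1001"}},
    {"id": "db-2", "service": "rds", "instance_class": "db.m5.large",
     "tags": {"owner": "team-b", "cost-center": "1002"}},
    {"id": "cache-1", "service": "elasticache",
     "instance_class": "cache.t4g.micro", "tags": {"owner": " "}},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r["id"], *evaluate(r))
```

The findings list is what a notification to the resource's owners would carry, so every automated action comes with its reason.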
In addition to the preceding real-time enforcements, Epic wanted to scan infrastructure as code (IaC) changes as they happened. Epic introduced a required workflow that runs in every GitHub organization whenever IaC changes are detected in a pull request. Any issues discovered are posted as comments on the pull request. This puts information directly into the developers’ workflows so they can fix issues before they are deployed.
Wrapping up
With an introspective look at its people, processes, and technology, Epic has made meaningful progress on its cloud governance journey and realized great results.
In addition to realizing cost savings, Epic also now has better resource visibility, with nearly 100 percent of AWS resources tagged in both production and development accounts. Continuous, vigorous auditing of permissions and better-centralized tracking have also strengthened Epic’s security, continuing to drive positive cultural change across the company.
For game developers interested in learning more about smart cloud governance strategies, check out how other companies have determined best cloud practices. Contact an AWS Representative to learn how we can help accelerate your business.
Further reading
- Learn more about Epic Games on AWS
- Learn more about AWS and Unreal Engine
- Learn more about Management and Governance on AWS