AWS for Games Blog

New Solution Guidance for building scalable cross-platform game backends on AWS

Games are increasingly cross-platform and online, and game developers need to develop secure and scalable backend features to support these online elements of their games. Developers also want to allow players to play with their friends across platforms, and move gameplay between those platforms to provide a seamless player experience.

Customers share with us that setting up a game backend service requires a fair amount of undifferentiated heavy lifting. This takes time and focus away from what really matters, the specific features that make their games’ online experience unique. Game developers want to get started quickly, while following best practices and building for scale, cost efficiency, and observability.

Introducing Guidance for Custom Game Backend Hosting on AWS

The Guidance for Custom Game Backend Hosting on AWS is a framework implemented to simplify getting started with cross-platform game backend development, and to provide a unified way of developing scalable backend features on AWS. It supports multiple game engines including Unreal Engine 5, Unity 2021 (and above), and Godot 4. In addition, the REST API can be easily integrated with any custom engine. The framework comes with a scalable identity component that supports a number of key game platform identity systems including Facebook, Google Play, Sign in with Apple, and Steam. The identity component also supports anonymous guest users for getting started quickly, and allows extending to other platforms, such as consoles, by using the existing integrations as a starting point. The framework provides templates for getting started with serverless and container-based backend feature development. The templates leverage the cross-platform identity component for authentication. All of the components come with observability built in, using AWS X-Ray and Amazon CloudWatch to provide visibility into your game backend performance. The components are automatically deployed with AWS Cloud Development Kit (AWS CDK), which helps you deploy consistently across environments.

How does it work?

Once you have the identity component deployed, you can create a new guest user account. A guest user receives a user_id and a guest_secret that can be used for subsequent logins. A guest login can be made automatically in your game client code. Here’s the sample code for Unity:


After this you can deploy some of the sample backend templates and access them with authentication from the game client. Here’s the sample code for Unity for a request to get player data from a custom backend component:

AWSGameSDKClient.Instance.BackendGetRequest(this.backendEndpointUrl, "get-player-data", this.OnGetPlayerDataResponse);

In the backend code you’ll have an authenticated user ID that you can use to access their data. The solution comes with two sample backend components, a serverless Amazon API Gateway HTTP API (Python), and an AWS Fargate service (Node.js) to demonstrate the player access authorization and simple backend functionality to store and retrieve player data.

This sample showed how to log in as a guest to receive a unique guest identity. When you integrate with 3rd party platform identities, you can link to an existing user (such as guest), and even link multiple platforms to the same user. This allows starting as a guest, adding a 3rd party login afterwards, and moving between platforms.

Getting Started with the solution

To get started deploying the solution, install Git and clone the repository from GitHub:

git clone

If you’re on Windows, it’s important to have a short path to the repository, such as C:\Projects\aws-game-backend-framework to avoid any path length issues.


To deploy the solution, you are expected to create an AWS account, create an Identity and Access Management (IAM) User, install AWS Command Line Interface (AWS CLI), and configure AWS credentials on your local system. In addition, you will need to install Node.js, AWS Cloud Development Kit (AWS CDK) v2, and the Docker engine. Docker needs to be running prior to starting any terminals.

Another option is to deploy the solution using an AWS Cloud9 environment, which is a fully-featured Cloud IDE. An AWS Cloud9 environment will have all the required tools pre-installed. You will need to resize the AWS Cloud9 environment volume to ensure you have enough storage for all the dependencies. Resize the volume to 50GB if you deploy the solution in AWS Cloud9.

Deploying the Identity Component

Once you have your environment set up, you are ready to deploy the identity component. If you only want to support guest identities, and don’t want to integrate with 3rd party identity providers at first, you can deploy the AWS CDK stack with the default settings. You can add 3rd party identity providers at any time. To deploy the identity component, run the following commands in your terminal after navigating to the repository folder:

  1. cd CustomIdentityComponent to open the right component folder
  2. npm install to install AWS CDK app dependencies
  3. cdk bootstrap to bootstrap your account for AWS CDK, see Bootstrapping for more information
  4. cdk synth to synthesize the AWS CDK app and validate that your configuration works
  5. cdk deploy to deploy the AWS CDK app to your account

Once you’re done, you will see a stack named CustomIdentityComponentStack deployed in the AWS CloudFormation console. The key resource is an API Gateway endpoint with APIs for logging in as a guest user and refreshing access tokens. The SDKs provided for the different game engines will support these APIs.

The JSON Web Key Set (JWKS) of the identity component will automatically rotate every 7 days (default) by a scheduled AWS Lambda function. To initialize this process with the first set of keys, run the following commands:

macOS and Linux (Shell)

fn=$(aws cloudformation describe-stacks --stack-name CustomIdentityComponentStack --query 'Stacks[0].Outputs[?OutputKey==`GenerateKeysFunctionName`].OutputValue' --output text)
aws lambda invoke --function-name $fn response.json

Windows (PowerShell)

$fn = aws cloudformation describe-stacks --stack-name CustomIdentityComponentStack --query 'Stacks[0].Outputs[?OutputKey==`GenerateKeysFunctionName`].OutputValue' --output text
aws lambda invoke --function-name $fn response.json

If you want to add integrations for any platform specific identity systems, you need to define an application on the identity provider’s developer portal and set up integration following the guidelines in the deployment guide.

Deploying a Backend Component Template

The solution includes two sample backend component templates

Both of the sample components provide APIs that serve as a starting point for setting and getting player data from an Amazon DynamoDB table. You can extend these APIs with your custom backend features.

Next you deploy the serverless backend to test the integration with the identity component and game engines. Open the AWS CloudFormation management console, and select the CustomIdentityComponentStack stack. Then select Outputs to view the endpoints you deployed.

CloudFormation Stack outputs for the CustomIdentityComponentStack

Copy the value of IssuerEndpointUrl to your clipboard. This is the Amazon CloudFront endpoint that the HTTP API will use to fetch the public keys of our identity provider. The keys are used to validate the JSON Web Tokens (JWTs) received from the client for authorization.

Open the file BackendComponentSamples/bin/backend_component_samples.ts in your favorite text editor and set the value of const issuerEndpointUrl to the value you copied from the stack outputs.

Now you are ready to deploy the serverless backend API. Run the following commands in your terminal or PowerShell (administrator mode):

  1. cd .. to return to the root and cd BackendComponentSamples to navigate to samples
  2. npm install to install AWS CDK app dependencies
  3. cdk synth to synthesize the AWS CDK app and validate your configuration works
  4. cdk deploy PythonServerlessHttpApiStack to deploy the AWS CDK app to your account

You now have the identity component, with support for guest identities, deployed, as well as the serverless sample backend component that utilizes this identity component to authenticate users. You are now ready to test the integration from the game engine side.
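To make the authorization step concrete, the following Node.js sketch shows what validating a token against the issuer's JWKS involves: pinning the algorithm, selecting the key by kid so tokens stay verifiable across a key rotation, and checking issuer and expiry. It is an added example, not code from the solution or its SDKs; the claim names (sub, iss, exp), the key IDs, the issuer URL and the in-memory key set are constructed assumptions.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed stand-in for the identity component: an RSA key pair plus its public JWK.
function makeIssuerKey(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { kid, privateKey, jwk: { ...publicKey.export({ format: 'jwk' }), kid, alg: 'RS256', use: 'sig' } };
}

// Issuer side (assumed claim layout): sign header.payload with RSASSA-PKCS1-v1_5 / SHA-256.
function signToken(key, claims) {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT', kid: key.kid })}.${b64url(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), key.privateKey).toString('base64url')}`;
}

// Backend side: returns the verified claims or throws with the rejection reason.
function verifyToken(token, jwks, { issuer, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Select by kid, so tokens signed before and after a rotation both resolve.
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid'); // a service would refetch the JWKS once, then reject
  const publicKey = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'))) {
    throw new Error('bad signature');
  }
  // Claims are trusted only after the signature check has passed.
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed scenario: the published set holds the previous and the current key.
const oldKey = makeIssuerKey('key-1');
const newKey = makeIssuerKey('key-2');
const jwks = { keys: [oldKey.jwk, newKey.jwk] };
const issuer = 'https://issuer.example'; // placeholder for the IssuerEndpointUrl output
const now = 1700000000; // fixed clock so the run is repeatable
const token = signToken(newKey, { sub: 'guest-user-id', iss: issuer, exp: now + 900 });
console.log(verifyToken(token, jwks, { issuer, now }).sub);
```

Whether the identity component keeps the previous key in the published set after a rotation is not stated here, so treat the two-key set as an assumption and check the deployed JWKS.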

Testing the Integration

To test the integration with your engine of choice, see the Unity SDK Readme, Unreal SDK Readme, and Godot SDK Readme for details. All of these integrations contain a lightweight SDK for communicating with the identity component and the backend APIs, as well as sample scenes or levels that showcase integrations with different platform specific identity systems.

This article shows testing the integration with Godot 4, but you can follow the instructions for your game engine of choice.

Download and install Godot 4.

Open the Godot sample project (GodotSample/project.godot).

Open the level


Open the script


Open the AWS CloudFormation management console, and select the CustomIdentityComponentStack stack. Then select Outputs to view the endpoints you deployed.

CloudFormation Stack outputs for the CustomIdentityComponentStack

Copy the value of LoginEndpointUrl to your clipboard.

Paste the value to replace the placeholder value “https://YOURENDPOINTHERE/prod/” of variable const login_endpoint in the script.

Open the AWS CloudFormation management console and select the PythonServerlessHttpApiStack stack. Then select Outputs to view the endpoints you just deployed.

CloudFormation Stack outputs for the PythonServerlessHttpApiStack

Copy the value of BackendEndpointUrl to your clipboard.

Paste the value to replace the placeholder value “https://YOURENDPOINTHERE/prod” of const backend_endpoint in the script.

Your configuration should look similar to this:

Example values for login_endpoint and backend_endpoint in Godot

Select Run Current Scene from the top right of the editor. You should see an output similar to the below in the Output console:

Example log output for running the Godot application. User logs in as guest and sets and gets player data through the serverless APIs.

The user is logged in either as an existing user (you’ll see this on the second run after the login info is stored), or as a new user if there are no existing credentials. You then receive an authentication token and a refresh token. The refresh token is used by the SDK to automatically refresh the authentication tokens every 15 minutes by default. The authentication token is used to call both set-player-data and get-player-data APIs provided by the serverless backend component we deployed. You’ll see the output of those authenticated requests as well.


To clean up the resources, open the AWS CloudFormation management console, select the CustomIdentityComponentStack, and select “Delete”. Then select the PythonServerlessHttpApiStack, and select “Delete”.


We covered an overview of the Guidance for Custom Game Backend Hosting on AWS, and went through the steps of deploying the solution. After the initial setup, you can start adding custom code for backend features, and add game platform integrations to build out the backend for your game. The documentation provided in GitHub dives deeper into the details of the architecture and features of the solution. This documentation is useful when you start customizing and extending the features, or start integrating with your existing backend systems.

This solution will help you get started developing your own set of game backend features on AWS for your next game, and we look forward to the game experiences you will build with it!