
Accelerate & Protect Games with Amazon CloudFront, AWS Shield, & AWS WAF

Game Developers Conference 2018

So, you’ve taken months, if not years, to create the perfect game and you just know your users are going to love it. Now it’s time to launch. All that’s left to do is put your game on the marketplace and let players have at it, right? Not quite, but we can help.

To really 1-up your chances of success, you’ll need a network and security strategy, so at this year’s Game Developers Conference (GDC) we’ll have AWS experts on hand to go over the essentials of creating a great game experience. Here are some topics to consider as you make your way on the annual pilgrimage to San Francisco. If you can’t make the trek, this post provides insights and links to topics that will help make your game’s delivery more successful. Let’s get to it.

Accelerate Your Game at Global Scale

So where to begin? The first step is to use a content delivery network (CDN) like Amazon CloudFront to cache your static, binary content like game downloads, mods, promotional content, and patches closer to your users. CloudFront has more than 100 Points of Presence (POPs) located all around the world so your content can be cached and delivered closer to your players, which provides a faster and more reliable user experience. Using CloudFront to globally distribute your content will also play an important role in reducing the load on your game’s download origin, which can be especially important if your game unexpectedly becomes a smashing success.

CloudFront can also accelerate dynamic turn-based, asynchronous games by reducing latency: it terminates SSL connections at the edge, applies TCP optimizations, reuses session connections, and uses the AWS private network for optimized, low-latency routing between the POP and your origin game server. Read our blog, ‘Dynamic Whole Site Delivery’, for more information on delivering dynamic content with CloudFront.

It’s also important to protect your website and authentication portals with CloudFront. Many developers are using Lambda@Edge to program and customize CloudFront’s response to specific user requests. For example, you can now use CloudFront and Lambda@Edge to enhance the security of your web application by authorizing user requests before a response is given, even without having to change the application itself. Check out our blog, ‘Authorization@Edge’, for a step-by-step guide on how to implement this solution.

Now, you might be concerned that all these features and global performance are going to cost you a lot of loot. One of the benefits of CloudFront is that it can be more cost effective to deliver data out of CloudFront than out of Amazon Simple Storage Service (S3) or Amazon Elastic Compute Cloud (EC2). Furthermore, AWS does not charge fees for any data transfer between CloudFront and other AWS origins like S3 and EC2. You only pay for the request fees and data transfer out of CloudFront. Depending on your needs, you can pay per GB of bandwidth with our on-demand pricing or through reserved capacity pricing for customers who are willing to commit to a minimum monthly usage level (>10TB/mo.) for 12 months.

Protect Your Game from Malicious Attacks

Even though your game is now in your players’ hands, it doesn’t mean you’re out of the woods yet. You’re still vulnerable to DDoS attacks (think: mindless zombie horde of internet-connected devices constantly attacking your servers), which seek to overload your game servers so they are no longer available for your players. Games are particularly susceptible to DDoS attacks according to the Q3 2017 Securelist report from Kaspersky. In fact, two of the highest-profile DDoS attacks in 2017 were against gaming companies. If your game goes down due to a DDoS attack, your players might assume that your game was at fault rather than malicious hackers seeking to disrupt it, which could result in a loss of users to competing games. So what can be done?

We’ll start with a nice perk. AWS Shield Standard is automatically available on all AWS services at no additional charge. Shield Standard protects against the most common Layer 3 and 4 DDoS attacks, and gives you access to tools and best practices to build a DDoS-resilient architecture.

If you’d like enhanced protection against larger and more sophisticated attacks, visibility into those attacks, and 24×7 access to DDoS experts for complex cases, then AWS Shield Advanced is for you. AWS Shield Advanced can protect your games, web portals, and authentication portals from network layer and transport layer attacks of all kinds, including UDP-based DDoS attacks on your EC2 game servers. This is especially helpful for customers with MMO games with UDP-based traffic.

You also get access to our DDoS Response Team (DRT) for non-emergency and emergency cases. During business hours, you can engage with them to discuss how to make your particular architecture more DDoS resilient or set up custom mitigations. In the event of an attack, they are available 24×7 to help mitigate the attack, employ advanced routing techniques, and apply custom mitigations to quickly relieve application pain.

Besides this, you want to make sure that you have complete visibility into possible anomalies and get actionable insights. You can get real-time notifications by setting up alarms on the CloudWatch metrics that AWS Shield Advanced emits. You will also be able to access diagnostics for post-mortem insights.

We’re confident in our ability to protect your game and other services from DDoS attacks. With AWS Shield Advanced, you get “DDoS cost protection”, a feature that protects your AWS bill from EC2, Elastic Load Balancing (ELB), Amazon CloudFront and Amazon Route 53 usage spikes as a result of a DDoS attack. To receive all the benefits of AWS Shield Advanced, customers can sign up for a one-year commitment at a $3K monthly subscription fee plus data transfer out fees.

For web application attacks, CloudFront can integrate with the AWS Web Application Firewall (WAF) to help protect your web applications from common web exploits. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns specific to your application. AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive. There are no upfront commitments. For resources that you protect with AWS Shield Advanced, you even get AWS WAF at no additional cost.

Visit us at GDC 2018

If you want to learn more about Amazon CloudFront, AWS Shield, and AWS WAF, come check us out at booth #1001 at GDC in San Francisco from March 21st – 23rd. During the conference we’ll have two classroom talks focused on DDoS protection and Content Delivery. You can check out our AWS at GDC site for more details on classroom times and locations. The AWS GDC site is a great resource to learn more about AWS solutions such as deploying your own game servers, building backend services like leaderboards and player authentication, and building a quick and easy analytics pipeline.

Congratulations on building your game! We hope it’s a great success and that we can be an integral part in making it faster and highly available no matter the circumstances. To get started with CloudFront, please visit our Getting Started webpage.

And to that we say, Game on!