Build and operate games with security in mind, ensuring players have fun, safe experiences.
Welcome to Building Games on AWS, a collection of YouTube series where we show you how to use AWS for games. In this series we’ll go over Security considerations for hosting game workloads on AWS.
Keep your game and your players' data safe and secure
Get to know the tenets and underlying purpose of AWS’s approach to security, including the controls in the AWS environment and some of the products and features that AWS makes available to customers to meet your security objectives in this AWS Introduction to Security whitepaper.
Custom-built security solutions
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards your games and data running on AWS.
AWS Security Hub is a cloud security posture management service that automates recommended checks, aggregates alerts, and can trigger automated remediation.
Amazon GuardDuty is a threat detection service that monitors for malicious activity and anomalous behavior to protect AWS accounts, workloads, and data.
Easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.
Track player activity and API usage.
Deploy network security across your Amazon VPCs.
See what some of our game development friends and customers have to say about the AWS Security solutions.
"In the gaming industry, the security and wellness of SaaS solutions are critical. A security breach, in many cases, can mean game over for us. AWS solutions give us control over the most sensitive points of our infrastructure. We extensively use AWS WAF to weed out dangerous vulnerabilities-scanning traffic from our servers and regularly reviewing Guard Duty insights to identify and fix potential problems early."
Piotr Korzuszek, CTO and Software Developer - PatchKit
It's dangerous to go alone...take this. Learn from the experience of others who have taken this journey and want to see our industry become stronger and more secure while delivering the best experiences for our customers.
Dynamically react to suspicious users by utilizing AWS WAF Security Automations.
Application-specific attacks or cheating attempts often don’t come out of the blue. When bad actors prepare to compromise an application, they leave traces: Unsuccessful login attempts, increased error code rates, exceeded API limits, just to name a few. Malicious bots often tend to crawl everything they can access, even endpoints a real user would never or just rarely use.
This is where AWS WAF Security Automations comes into the game: You can deploy the solution with one click to your existing HTTP APIs and configure it to detect unusual behavior in your application. It even allows you to create a honeypot that can be used to detect crawlers and bots. The solution deploys an AWS WAF Web ACL, which can be directly attached to Amazon CloudFront, Application Load Balancers (ALB), Amazon API Gateway and AWS AppSync.
As the Solution is well documented, you can easily extract meaningful data from its components to use throughout your workload. For example, you can query Amazon Athena for a list of suspicious IPs within the last hour. This data allows you to build a custom inspect list that can be used in your matchmaking to keep these potentially malicious players away from your game, or maybe just send them to a dedicated game server, isolated from the friendly player base.
Protect your game against unintended data exposure
Build a strong security culture, make it important, and include everyone in your game studio. See how you can protect your games against Data Breaches.
Protect your game server's instance credentials using Amazon GuardDuty
Protect your game, AWS accounts, workloads, and data stored in Amazon Simple Storage Service (Amazon S3) by continuously monitoring for malicious activity and unauthorized behavior with Amazon GuardDuty.
How to defend games against DDoS attacks
This blog discusses the architecture decisions you can make to best utilize AWS’s DDoS prevention.& mitigation capabilities
Using Amazon Cognito to authenticate players for a game backend service
Amazon Cognito is a quick and easy player authentication and identity management service for your games.
Innovate with key industry partners
Discover purpose-built AWS for Games solutions and services from an extensive network of industry-leading AWS Partners who have demonstrated technical expertise and customer success in building solutions on AWS.
Partner Spotlight: Teradici
Secure, flexible high-performance remote game development
Create an interactive remote game development experience with Teradici's secure, flexible, high-performance, low-latency remote game development on the cloud. Work remotely, accelerate game production, and secure sensitive assets with lossless and unmatched color accuracy.
Partner Spotlight: CrowdStrike, Inc.
ONE PLATFORM. EVERY INDUSTRY. SUPERIOR PROTECTION.
CrowdStrike protects the people, processes and technologies that drive modern enterprise. A single agent solution to stop breaches, ransomware, and cyber attacks—powered by world-class security expertise and deep industry experience.
Partner Spotlight: Lacework, Inc.
Lacework: a modern day approach to cloud security for the gaming industry
You're developing games, not playing them. Neither is Lacework. We automate and continuously monitor your compliance and security, from build to runtime, so you can run faster, jump further, and expand your empire. Consolidate tools, optimize your SIEM, secure your containers. Game recognizes game.
Partner Spotlight: Druva
Protect your game with multi-layered data resilience
Keep your data safe and available, anytime and anywhere, with the Druva Data Resiliency Cloud. Automate a foolproof response and recovery process to cyber incidents, ensure data availability with forever incremental backups, and protect data with an air-gapped, globally available architecture.
We stop breaches.
With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.
Protect. Renew. Empower.
The global #1 Games Protection and Anti-Piracy technology helping game publishers and developers to secure PC, console and mobile games.
Multi-layered data resilience
Keep your game and player data secure and compliant with air-gapped, immutable, backups and accelerated ransomware response & recovery.
Protect PAC-MAN and fellow pals
Gamers get malicious attempts at a rate of 14 million per day. Learn how F5
saves PAC-MAN and pals by protecting 4+ billion transactions per week.
Securely Scale Global Games 24x7x365
Automated, self-healing, scaling AWS architectures and designs are Foghorn’s forte. Powerful results achieved for leading global games companies.
Multi-layered data resilience
Automate your cloud security, from build time to runtime, with Lacework, and securely accelerate and expand your empire. Game recognizes game.
Gaming Apps Monitoring Made Simple with Logz.io
Monitoring huge amounts of data to maintain visibility into your environment can mean the difference between winning and game over.
AWS Consulting and Managed Cloud Services
Mission accelerates enterprise cloud transformation by delivering a differentiated suite of agile managed cloud services and consulting.
Secure Cloud File Storage for Game Builds
Nasuni + AWS provides dynamic cloud file storage for sharing large, packaged game builds across studios with built-in backup and ransomware recovery.
Do what you need to do, from anywhere
Parsec gives you access to your hardware in seconds with near-zero latency and unparalleled input accuracy when you plug in a keyboard, mouse, tablet, or gamepad. Video streams look silky smooth, with 60FPS 4K video in vivid color across up to 3 monitors. Forget you’re somewhere else.
Reach compliance with Prisma Cloud
Prisma Cloud simplifies Pokémon’s path to PCI compliance with consistent monitoring and one-click reports.
We redefine what's possible
Slalom’s gaming experts have helped AAAs, streamers, and single-game studios harness the full power of AWS to improve gameplay, security, and optimize.
High-performance remote game development
Get secure, flexible, high-performance, low-latency remote game development on the cloud with the same user experience as if you were in the studio.
Building a game has different challenges compared to many applications. Find AWS documentation and game-specific samples, reference architectures, and more to help you build your game in the cloud.
General AWS security whitepaper
Free AWS security learning plan
AWS Foundations: Securing Your AWS Cloud
Security Workshop Hub
AWS T&C Created Ramp-up Security Guide
Start your security solutions here
Delivering a safe and secure experience for our customers is critical to the success and growth of our games and businesses, but it's not always easy to figure out how to get started implementing solutions and best practices. We've put together a few key steps in the
process to help you get started.
“Everything starts with a threat model”.
Work through threat modeling - and when you reach item 9 in the article, also consider the balance of risk versus overhead. Risk divides into residual risk (which is accepted as part of “the risk of doing business”) and material risk (which requires the application of compensating controls to turn it into residual risk). As the article describes, construct and categorize your policies, technical and procedural controls to mitigate risk to your satisfaction (incorporating controls from requirements in regulation and legislation, which you may need to have constructed from interpretations by your Legal team), and map these controls to services and features which can help achieve them.
To help you construct this mapping, use the following:
While there are capabilities you will want to provide yourself using your own code, AWS services, and potentially open-source code, use your policies and control framework to identify the partners you intend to engage to deliver the functions you don’t want to have to manage, or which are outside the scope of AWS services. For example, if your game requires users to authenticate to your environment, which federated identity providers do you intend to support?
If you’re using EC2 such that your control framework requires you to implement on-instance antimalware tools beyond SELinux capability profiles, what tools are available in the AWS Marketplace to meet your requirements, bearing in mind that you may need to autoscale groups of instances both up and down?
Unless you’re just starting to explore AWS as a hobbyist or in your spare time, you’re going to need a soundly-designed multi-account environment to learn, develop, build, test and deploy in, while keeping the different environments and the data they hold, suitably segregated from each other.
Work through Organizing Your AWS Environment Using Multiple Accounts, to design your multi-account structure. As some kinds of games can consume a lot of non-client resource, if yours is one of these, consider how your environment may need to scale rapidly when your game becomes popular. How this is done depends on the kinds of AWS services your game is hosted on, but always be mindful of per-account service quotas. Where your control framework requires, deploy DDoS mitigations Organization-wide as outlined in the AWS Best Practices for DDoS Resiliency whitepaper.
You’re now ready to look at defining and enforcing your tagging strategy in Organizations policy (see Tag policies), and configuring your monitoring and incident response framework based on your policies and threat model, including suppressing findings which may be extraneous to your specific needs.
On incident response framework recommendations, see this AWS Security Incident Response Guide - sample runbooks for specific incident scenarios are available on GitHub.
Where your chosen response policy includes activities which can be automated based on monitoring events, see the AWS Security Hub Automated Response and Remediation implementation guide for a framework and automation set to help achieve this.
Once you’ve done all the above, build your CI/CD pipelines and integrate the security tooling with them (static analysis, dependency analysis, pentesting environment, etc) which your control framework requires - after which, you’re ready to upload your golden baseline images (where applicable) and your game code, and start building, testing and deploying your game!