Game Security

Build and operate games with security in mind, ensuring players have fun, safe experiences.

Welcome to Building Games on AWS, a collection of YouTube series where we show you how to use AWS for games. In this series we’ll go over Security considerations for hosting game workloads on AWS.

Keep your game and your players' data safe and secure

Handle your game data securely
Build your game with security in mind with AWS’s global infrastructure. Low latency, high throughput data moving across the AWS global network and our datacenters is automatically encrypted before it leaves our secured facilities.
Protect your game infrastructure
Secure your game servers and infrastructure from external threats. AWS offers robust tools to protect against common distributed denial of service (DDoS) attacks. AWS regularly achieves third-party validation for thousands of global compliance requirements that we continually monitor to help you meet security and compliance standards for multiple industries including gaming.
Robust monitoring & observability
AWS offers a suite of products that enable you to monitor the health of your game. Create dashboards to view the health and utilization of your infrastructure, monitor in-game errors and anomalies, and keep track of player engagement and churn.

Get to know the tenets and underlying purpose of AWS’s approach to security, including the controls in the AWS environment and some of the products and features that AWS makes available to customers to meet your security objectives in this AWS Introduction to Security whitepaper. 

Custom-built security solutions

Detect player Toxicity in real-time

Toxicity in games is a significant challenge for the gaming industry, impacting player experience and engagement. AWS enables you to address toxicity in games with a comprehensive approach that involves both technology and human intervention. Our platform and partners together offer cutting-edge solutions to combat toxic behavior in online games, and help you grow your community. Spanning real-time monitoring of in-game chats, voice communications, cohort modelling and other interactions to identify and flag toxic behavior, we're committed to working closely with game developers and publishers to provide customized solutions tailored to their unique needs, ensuring a better gaming experience for all. See our guidance for a cost efficient pattern for real time detection, and Amazon Transcribe for a fully managed batch solution.

Learn more »

AWS for Games: Account Take Over Attempts

Every player starts with an identity, and protecting your gamers’ accounts and identities are a part of AWS’ top priority. That is one of the many reasons why we have created our AWS WAF Fraud Control Account Takeover Prevention (ATP). ATP helps to reduce fraud and prevent what we call account takeovers. An account takeover is when an unauthorized user gains control of another gamer’s account. We recognize the hard work our gamers and developers put in, especially in esports. Therefore, we combat this issue in two ways: investigation of responses coming in, and analyzation of responses going out. When a gamer logs into your game, we will look to see if those credentials are stolen from the dark web, as well as looking at previous login information to determine anomalies and alert you of suspicious activity. On the response side, we look at how your game reacts to login attempts, and if someone is attempting brute force password combinations or other attack types we can put in measures to stop that. Security is our top priority, and we welcome our gamers and game developers alike to improve their security through AWS.

Customer Stories

See what some of our game development friends and customers have to say about the AWS Security solutions. 

Use Cases

It's dangerous to go alone...take this. Learn from the experience of others who have taken this journey and want to see our industry become stronger and more secure while delivering the best experiences for our customers.

Dynamically react to suspicious users by utilizing AWS WAF Security Automations.

Application-specific attacks or cheating attempts often don’t come out of the blue. When bad actors prepare to compromise an application, they leave traces: Unsuccessful login attempts, increased error code rates, exceeded API limits, just to name a few. Malicious bots often tend to crawl everything they can access, even endpoints a real user would never or just rarely use.

This is where AWS WAF Security Automations comes into the game: You can deploy the solution with one click to your existing HTTP APIs and configure it to detect unusual behavior in your application. It even allows you to create a honeypot that can be used to detect crawlers and bots. The solution deploys an AWS WAF Web ACL, which can be directly attached to Amazon CloudFront, Application Load Balancers (ALB), Amazon API Gateway and AWS AppSync.

As the Solution is well documented, you can easily extract meaningful data from its components to use throughout your workload. For example, you can query Amazon Athena for a list of suspicious IPs within the last hour. This data allows you to build a custom inspect list that can be used in your matchmaking to keep these potentially malicious players away from your game, or maybe just send them to a dedicated game server, isolated from the friendly player base.

Learn more about AWS WAF Security »

Protect your game against unintended data exposure

Protect your game against unintended data exposure

Build a strong security culture, make it important, and include everyone in your game studio. See how you can protect your games against Data Breaches.

Read the blog »

Protect your game server's instance credentials using Amazon GuardDuty

Protect your game server's instance credentials using Amazon GuardDuty

Protect your game,  AWS accounts, workloads, and data stored in Amazon Simple Storage Service (Amazon S3) by continuously monitoring for malicious activity and unauthorized behavior with Amazon GuardDuty.

Learn more »

How to defend games against DDoS attacks

How to defend games against DDoS attacks

This blog discusses the architecture decisions you can make to best utilize AWS’s DDoS prevention.& mitigation capabilities

Read the blog »

How to Set Up Player Authentication with Amazon Cognito

Using Amazon Cognito to authenticate players for a game backend service

Amazon Cognito is a quick and easy player authentication and identity management service for your games. 

Read the blog »

Innovate with key industry partners

Discover purpose-built AWS for Games solutions and services from an extensive network of industry-leading AWS Partners who have demonstrated technical expertise and customer success in building solutions on AWS.


We stop breaches.

With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

Learn more about CrowdStrike »
Denuvo by Irdeto

Protect. Renew. Empower.

The global #1 Games Protection and Anti-Piracy technology helping game publishers and developers to secure PC, console and mobile games.

Learn more about Denuvo by Irdeto »

Multi-layered data resilience

Keep your game and player data secure and compliant with air-gapped, immutable, backups and accelerated ransomware response & recovery. 

Learn more about Druva »

Protect PAC-MAN and fellow pals 

Gamers get malicious attempts at a rate of 14 million per day. Learn how F5
saves PAC-MAN and pals by protecting 4+ billion transactions per week. 

Learn more about F5 »

Securely Scale Global Games 24x7x365

Automated, self-healing, scaling AWS architectures and designs are Foghorn’s forte. Powerful results achieved for leading global games companies. 

Learn more about Foghorn »

Multi-layered data resilience

Automate your cloud security, from build time to runtime, with Lacework, and securely accelerate and expand your empire. Game recognizes game. 

Learn more about Lacework »

Gaming Apps Monitoring Made Simple with

Monitoring huge amounts of data to maintain visibility into your environment can mean the difference between winning and game over.

Learn more about »
Mission Cloud Services

AWS Consulting and Managed Cloud Services

Mission accelerates enterprise cloud transformation by delivering a differentiated suite of agile managed cloud services and consulting. 

Learn more about Mission »

Secure Cloud File Storage for Game Builds

Nasuni + AWS provides dynamic cloud file storage for sharing large, packaged game builds across studios with built-in backup and ransomware recovery. 

Learn more about Nasuni »

Do what you need to do, from anywhere

Parsec gives you access to your hardware in seconds with near-zero latency and unparalleled input accuracy when you plug in a keyboard, mouse, tablet, or gamepad. Video streams look silky smooth, with 60FPS 4K video in vivid color across up to 3 monitors. Forget you’re somewhere else.

Learn more about Parsec »
Paloalto Networks

Reach compliance with Prisma Cloud

Prisma Cloud simplifies Pokémon’s path to PCI compliance with consistent monitoring and one-click reports.

Learn more about Palo Alto Networks »

We redefine what's possible

Slalom’s gaming experts have helped AAAs, streamers, and single-game studios harness the full power of AWS to improve gameplay, security, and optimize.

Learn more about Slalom »

High-performance remote game development

Get secure, flexible, high-performance, low-latency remote game development on the cloud with the same user experience as if you were in the studio.

Learn more about Teradici »


Building a game has different challenges compared to many applications. Find AWS documentation and game-specific samples, reference architectures, and more to help you build your game in the cloud.

DDoS whitepaper

General AWS security whitepaper

Free AWS security learning plan

AWS Foundations: Securing Your AWS Cloud

Security Workshop Hub

AWS T&C Created Ramp-up Security Guide

Start your security solutions here

Delivering a safe and secure experience for our customers is critical to the success and growth of our games and businesses, but it's not always easy to figure out how to get started  implementing solutions and best practices. We've put together a few key steps in the
process to help you get started. 

Step 1

“Everything starts with a threat model”.  

Work through threat modeling - and when you reach item 9 in the article, also consider the balance of risk versus overhead. Risk divides into residual risk (which is accepted as part of “the risk of doing business”) and material risk (which requires the application of compensating controls to turn it into residual risk). As the article describes, construct and categorize your policies, technical and procedural controls to mitigate risk to your satisfaction (incorporating controls from requirements in regulation and legislation, which you may need to have constructed from interpretations by your Legal team), and map these controls to services and features which can help achieve them. 

To help you construct this mapping, use the following: 

Step 2

While there are capabilities you will want to provide yourself using your own code, AWS services, and potentially open-source code, use your policies and control framework to identify the partners you intend to engage to deliver the functions you don’t want to have to manage, or which are outside the scope of AWS services. For example, if your game requires users to authenticate to your environment, which federated identity providers do you intend to support? 

If you’re using EC2 such that your control framework requires you to implement on-instance antimalware tools beyond SELinux capability profiles, what tools are available in the AWS Marketplace to meet your requirements, bearing in mind that you may need to autoscale groups of instances both up and down? 

Step 3

Unless you’re just starting to explore AWS as a hobbyist or in your spare time, you’re going to need a soundly-designed multi-account environment to learn, develop, build, test and deploy in, while keeping the different environments and the data they hold, suitably segregated from each other. 

Work through Organizing Your AWS Environment Using Multiple Accounts, to design your multi-account structure. As some kinds of games can consume a lot of non-client resource, if yours is one of these, consider how your environment may need to scale rapidly when your game becomes popular. How this is done depends on the kinds of AWS services your game is hosted on, but always be mindful of per-account service quotas. Where your control framework requires, deploy DDoS mitigations Organization-wide as outlined in the AWS Best Practices for DDoS Resiliency whitepaper.



Step 4

You’re now ready to look at defining and enforcing your tagging strategy in Organizations policy (see Tag policies), and configuring your monitoring and incident response framework based on your policies and threat model, including suppressing findings which may be extraneous to your specific needs. 

On incident response framework recommendations, see this AWS Security Incident Response Guide - sample runbooks for specific incident scenarios are available on GitHub

Where your chosen response policy includes activities which can be automated based on monitoring events, see the AWS Security Hub Automated Response and Remediation implementation guide for a framework and automation set to help achieve this. 

Once you’ve done all the above, build your CI/CD pipelines and integrate the security tooling with them (static analysis, dependency analysis, pentesting environment, etc) which your control framework requires - after which, you’re ready to upload your golden baseline images (where applicable) and your game code, and start building, testing and deploying your game!