AWS for Games Blog

Introducing Amazon GameLift Servers DDoS Protection

As games grow in popularity, they also become attractive targets for malicious actors seeking to disrupt gameplay through Distributed Denial of Service (DDoS) attacks. An attack occurring during the initial launch of a game, during a visible esports tournament, or while a notable influencer/streamer is playing can have a significant impact on a game’s success and its developer’s reputation.

To address the specialized needs of protecting game servers, Amazon Web Services (AWS) is introducing Amazon GameLift Servers DDoS Protection, a new feature that enables game developers to protect against malicious attempts to disrupt User Datagram Protocol (UDP)-based traffic to a game server hosted on Amazon GameLift Servers.

Unlike traditional DoS/DDoS protection methods for session-based multiplayer games, which react to an attack by finding the single instance that is being impacted and then applying a mitigation, Amazon GameLift Servers DDoS Protection provides proactive, UDP-based DDoS protection for game servers, without the need for manual byte matching, and with negligible latency added.

The new feature is available at no additional cost to Amazon GameLift Servers customers, and it will be initially available in the following regions: US East (N. Virginia), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Asia Pacific (Seoul).

The Challenge: DDoS Attacks in Modern Gaming

DDoS attacks have become one of the most persistent threats facing multiplayer games. Traditional mitigations are typically reactive in nature since they monitor incoming attacks, and then automatically implement a mitigation when the attacks are detected. Attacks can take multiple minutes to detect and multiple additional minutes for mitigations to take effect. By the time mitigations are in place, players may have abandoned their game sessions or even been forcibly disconnected due to the network interface on the instance saturating.

Traditional mitigations are not purpose-built to proactively address attacks on game servers at scale. They are not designed to handle UDP-based traffic, and they may require more complex integrations such as managing rotating byte match patterns. Additionally, the mitigations used to protect game servers often result in increased latency and may require updates if attackers find new ways to bypass defenses. Finally, some offerings only support a single game platform (such as PC games exclusively), resulting in developers needing multiple implementations to support multi-platform games.

The Solution: Purpose-built Protection for Game Servers

Amazon GameLift Servers DDoS Protection provides an advanced layer of protection for games running on Amazon GameLift Servers by co-locating a relay network directly alongside the game servers. The relay network authenticates client traffic using access tokens to ensure only authorized traffic reaches the server. In addition, even if the source of an attack presents itself as legitimate, the DDoS Protection feature has per-player traffic limits to further prevent disruptions.

By connecting players to a relay instead of the game server directly, this feature provides IP obfuscation and DDoS protection while maintaining a negligible increase in latency. To maximize resilience, players receive multiple relay endpoints, and connections are distributed across the infrastructure to prevent targeted disruptions against specific players or the entire game session.
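The admission logic described above (token check first, then a per-player limit) can be sketched as follows. This is an added conceptual example, not AWS code and not the actual GameLift relay protocol: the token layout, the HMAC scheme, the key, and all names (`issue_token`, `Relay`, `admit`) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TOKEN_LEN = 16 + 8 + 32   # player id, expiry, HMAC-SHA256 tag (constructed layout)

def issue_token(key: bytes, player_id: bytes, expires_at: int) -> bytes:
    """Backend side (hypothetical): bind a 16-byte player id to an expiry time."""
    body = player_id.ljust(16, b"\0")[:16] + struct.pack(">Q", expires_at)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Relay:
    """Admits a datagram only if its token verifies and the player is under budget."""

    def __init__(self, key: bytes, rate_pps: float, burst: float):
        self.key, self.rate, self.burst = key, rate_pps, burst
        self.buckets = {}   # player id -> (tokens left, last refill time)

    def admit(self, datagram: bytes, now: float) -> str:
        if len(datagram) < TOKEN_LEN:
            return "drop:short"
        body, tag = datagram[:24], datagram[24:TOKEN_LEN]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "drop:bad-token"
        player, (expires_at,) = body[:16], struct.unpack(">Q", body[16:])
        if now >= expires_at:
            return "drop:expired"
        # State is created only after authentication and is keyed on the
        # player id, not the UDP source address, which can be spoofed.
        tokens, last = self.buckets.get(player, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.buckets[player] = (tokens, now)
            return "drop:rate-limit"
        self.buckets[player] = (tokens - 1.0, now)
        return "forward"

def demo() -> list:
    key = b"constructed-demo-key"   # constructed sample value
    relay = Relay(key, rate_pps=2.0, burst=3.0)
    good = issue_token(key, b"player-1", expires_at=1000) + b"move"
    forged = issue_token(b"wrong-key", b"player-1", expires_at=1000) + b"move"
    results = [relay.admit(forged, now=10.0), relay.admit(b"junk", now=10.0)]
    results += [relay.admit(good, now=10.0) for _ in range(4)]   # burst of 4
    results.append(relay.admit(good, now=11.0))     # bucket has refilled
    results.append(relay.admit(good, now=1000.0))   # token has expired
    return results
```

Because unauthenticated datagrams are dropped before any per-player state is touched, a flood of forged packets cannot grow the limiter's table or consume a legitimate player's budget.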

Getting started with Amazon GameLift Servers DDoS Protection

Game developers can start using this feature quickly with straightforward integration through the Amazon GameLift Servers console or API, alongside provided sample code for popular game engines including Unreal Engine and native C++. The sample code can be accessed from the Amazon GameLift Servers release notes. Customers will also be able to deploy custom implementations based on their specific needs.

Once enabled, developers have proactive protection that requires no ongoing supervision. Amazon GameLift Servers DDoS Protection also provides a single interface for protecting games across PC, consoles, and mobile platforms – removing the need for multiple implementations.

Implementation Steps

  1. Fleet configuration: Enable DDoS Protection during fleet creation or through fleet updates.
  2. Client integration: Integrate the DDoS Protection client library into your game client.
  3. Deployment: Deploy protected fleets to production regions.
  4. Monitoring: Configure Amazon CloudWatch dashboards and alerts for ongoing visibility.

Best Practices

  • Gradual rollout: Consider implementing DDoS Protection incrementally across regions.
  • Performance testing: Validate latency and performance characteristics in your specific game environment.
  • Monitoring setup: Establish comprehensive monitoring and alerting before production deployment.

The DDoS Protection feature also provides real-time visibility into protection status across all fleet locations, allowing operators to monitor which regions have active protection and track the health of the relay infrastructure. Additionally, DDoS Protection integrates with the Amazon GameLift Servers game session placement system to enable intelligent routing decisions. Placement queues can be configured to prioritize protected locations, ensuring that new game sessions are created in regions where DDoS Protection is available and healthy.

Learn more

Amazon GameLift Servers DDoS Protection demonstrates how AWS technology can be scaled and leveraged to solve real-world problems that are otherwise too expensive, complex, or time consuming for individual game studios to recreate. This unique new capability, only available with Amazon GameLift Servers, enables game developers to focus on what matters most – players enjoying their game.

To learn more about DDoS Protection, visit the Amazon GameLift Servers website and documentation to get started on enhancing your game’s resilience and player protection.

Adam Chernick

Adam is a Worldwide Sr. Solutions Architect dedicated to Amazon GameLift Streams. He has focused his career on real-time 3D, generative AI and adjacent emerging technology.

Dan Green

Dan Green is a Software Development Manager at Amazon Web Services (AWS). He helps customers scale their online games and deliver great player experiences.

Liam McCreith

Liam McCreith is a Technical Program Manager on the Amazon GameLift Servers team at Amazon Web Services (AWS) where he helps customers to prepare and launch large-scale multiplayer games.

Mark Choi

Mark Choi is a Sr. PMT-ES at AWS, specializing in building high-performance, innovative solutions that help game developers deploy, operate, and scale multiplayer games that reach millions of players. As a product leader on Amazon GameLift, he works with developers ranging from mid-size studios to AAA developers to build and deliver customer-centric features at a global scale.

Michael Morris

Michael Morris is a Software Development Manager on the Amazon GameLift Servers team where he helps customers launch and operate large-scale multiplayer games.

Brian Schuster

Brian Schuster is a Principal Engineer at AWS for Amazon GameLift where he works on shaping the technical direction of the service. He has a deep focus on driving improvement in areas of availability and scalability in order to support the most demanding requirements of large-scale games.