Amazon Introduces New DDoS Protection for Devs Using AWS GameLift Servers
Amazon is rolling out a new always-on DDoS protection feature for game servers hosted on Amazon's GameLift Servers architecture.
As multiplayer games continue to grow in scale and visibility, they have also become increasingly attractive targets for malicious attacks. Distributed Denial of Service (DDoS) incidents can cripple servers during critical moments, whether that’s a highly anticipated launch, a major esports event, or a live stream from a prominent creator.
Even a short disruption can cascade into frustrated players, abandoned matches, and long-term damage to a studio’s reputation.
To help address this challenge, Amazon Web Services (AWS) has introduced Amazon GameLift Servers DDoS Protection, a new feature designed specifically to protect multiplayer game servers hosted on Amazon GameLift.
We reached out via email about the news to get more details and context.
The vast majority of video games made today utilize online services to operate everything from community engagement to tournaments to always-on virtual worlds. This reliance on online services makes them vulnerable to attacks and compromise by bad actors. An attack during a game's launch day, during an online tournament, or a livestream with a top influencer can cost a studio hundreds of thousands of dollars per hour and permanently damage a game's reputation. Existing solutions that game developers deploy are reactive, slow to mitigate threats, and weren't designed for the way games actually work. We built Amazon GameLift Servers DDoS Protection because game developers deserve protection that's as purpose-built as the games they're making, and we're making it available as part of the Amazon GameLift Server offering at no additional cost.
- Chris Melissinos, Principal Evangelist, Video Games and Interactive Entertainment at AWS
Unlike traditional mitigation systems that react after an attack is detected, the new solution aims to proactively defend game servers while maintaining minimal impact on latency.
DDoS attacks have become one of the most persistent threats facing modern online games, particularly those with session-based multiplayer architectures. Traditional security solutions often rely on reactive detection and mitigation, meaning it can take several minutes to identify an attack and deploy countermeasures. By that point, servers may already be overwhelmed, players may have been disconnected, and the overall gameplay experience can suffer significantly.
Amazon GameLift Servers DDoS Protection works by routing player traffic through a relay network that is co-located directly alongside the game server, rather than exposing the server's IP address directly to players. This means attackers can't target what they can't see. Each player is randomly assigned to multiple relay endpoints, so even if one relay comes under pressure, traffic seamlessly fails over to another without the player ever noticing, minimizing the impact to your entire online player base.
- Chris Melissinos, Principal Evangelist, Video Games and Interactive Entertainment at AWS
Amazon’s new approach focuses on purpose-built infrastructure tailored for the unique networking requirements of multiplayer games. By routing player connections through a relay network positioned alongside game servers, the system authenticates traffic using secure access tokens while obscuring server IP addresses.
The result is a layer of protection designed to prevent malicious traffic from ever reaching the game server, while maintaining negligible latency and enabling developers to support large-scale multiplayer experiences more reliably.
Attackers tend to strike during those moments that matter most to a game's success, like a game’s launch day, final rounds in a tournament, or a streamer going viral with your game. Amazon GameLift Servers DDoS Protection is always-on, which means it doesn't need to detect an attack before it starts protecting. From the moment a game session begins, every player's traffic is authenticated through access tokens, and per-player traffic limits are enforced to prevent any single connection from being weaponized, even if the attacker’s session appears legitimate. Because players are randomly distributed across multiple relay nodes, a targeted attack on one relay can't take down an entire session, while players on the targeted node are automatically migrated to another endpoint, keeping their gameplay session intact. The result is that legitimate players stay connected and protected, while malicious traffic never reaches the game server in the first place.
- Chris Melissinos, Principal Evangelist, Video Games and Interactive Entertainment at AWS
For more information on how it works, check out the Amazon GameLift Servers website and documentation.
Also, subscribe to our Newsletter, join our 80 Level Talent platform and our new Discord server, follow us on Instagram, Twitter, LinkedIn, Telegram, TikTok, and Threads, where we share breakdowns, the latest news, awesome artworks, and more.
