Modernize game backend services with AWS Global Accelerator

Live service and multiplayer games must continually evolve in order to offer high-performance and immersive experiences. The feature sets of these games have continuously expanded to include real-time matchmaking, cross-play, in-game transactions, and social interactions. However, many developers are constrained by outdated, monolithic architectures that struggle to meet modern demands for scalability, performance, and security. These legacy systems not only hinder the delivery of new features but also expose vulnerabilities to sophisticated threats, such as DDoS attacks targeting both game servers and backend infrastructure.

We’ll explore how Amazon Web Services (AWS) Global Accelerator can modernize legacy game infrastructure by using the adapter pattern. This design pattern enables systems to work together despite mismatched communication interfaces and supports decoupling monolithic applications into microservices, a key modernization approach. By positioning Global Accelerator as a facade for traditional game services, existing game clients remain functional even as backend services evolve. This allows the introduction of modern services to enhance the player experience without disrupting existing client functionality.

Cloud architecture patterns to modernize games live services

This diagram represents a traditional game backend architecture on AWS. On the left, game clients, which support both IPv4 and IPv6 protocols, communicate with the backend using HTTP/HTTPS or WebSockets. The traffic passes through AWS Shield Advanced, which provides DDoS protection at the edge, and then into an application load balancer (ALB). This distributes traffic to backend services based on health checks and load-balancing algorithms. Backend services, shown on the right, include Amazon EC2 Auto Scaling for scalable compute, AWS Lambda for serverless functions, AWS Fargate for containerized tasks, Amazon EKS for Kubernetes-based workloads, and Amazon ECS for container orchestration.

Figure 1: A traditional game backend architecture on AWS, including game clients communicating through HTTP/HTTPS or WebSockets, through an application load balancer with AWS Shield Advanced for DDoS protection, routing traffic to backend services such as Amazon EC2, AWS Lambda, AWS Fargate, Amazon EKS, and Amazon ECS.

Traditionally, gaming companies relied on application load balancers (ALBs) or network load balancers (NLBs) to connect players to services. These load balancers often integrate with auto scaling groups (where target Amazon Elastic Compute Cloud (Amazon EC2) instances are set up) to run game servers or game services dynamically, and have some form of DDoS protection enabled.

As games have evolved to always-on live services, backend services have become crucial for handling player authentication, matchmaking, social interactions and in-game transactions. This industry shift has also made game backends prime candidates for DDoS attacks that target the services and APIs used to connect players to them. These legacy architectures, which often remained static post-launch, now require some form of modernization to keep up with players’ demand for seamless, low-latency experiences.

AWS Global Accelerator

This diagram illustrates the architecture of AWS Global Accelerator. On the left, end-user requests originate from client devices and are routed through AWS Global Accelerator, which enables connections to up to 10 AWS Regions within the AWS global network. AWS Global Accelerator directs traffic based on proximity and performance to regional resources on the right. These resources include an NLB in AWS Region 1, an ALB in AWS Region 2, and a standalone Amazon EC2 instance in AWS Region 3. Each Region processes the traffic using its designated resource to provide low latency and high availability.

Figure 2: How AWS Global Accelerator routes end-user requests to the nearest and most performant AWS Region, directing traffic to resources such as NLB, ALB, or Amazon EC2 instances.

AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your public applications. Global Accelerator provides two global, static IPs that serve as fixed entry points to your application endpoints (such as ALBs, NLBs, Amazon EC2 instances, and Elastic IP addresses), giving you the ability to virtually front legacy stacks that need to be modernized.

AWS Global Accelerator Benefits

Modernizing game services with AWS Global Accelerator offers many benefits in terms of performance, reliability, and security. With Global Accelerator, you can treat each mapped AWS Region as an individual cell to reduce outage impacts, increasing the reliability of player services and in-game transactions. With Global Accelerator traffic dials, traffic can be shifted between AWS Regions or fail-over to a healthy Region or service during an outage.

One of the key benefits of using Global Accelerator as an adapter is its ability to enhance network performance and reduce latency globally. Global Accelerator utilizes the AWS global network. It helps improve the performance of your applications by lowering first byte latency and jitter, and increasing throughput, as compared to the public internet. It routes player traffic to the optimal endpoint and edge location, and reduces the number of network hops needed to reach an AWS edge location.

By default, AWS Global Accelerator is protected by AWS Shield Standard, which minimizes application downtime and latency from denial-of-service attacks by using always-on network flow monitoring and automated in-line mitigation. You can also enable AWS Shield Advanced for automated resource-specific enhanced detection and mitigations.

In the next section, we will explain how game service teams can use the adapter pattern in conjunction with Global Accelerator to modernize existing game services platforms.

Modernizing game backend platforms with Global Accelerator

This diagram represents a modernized game backend networking architecture on AWS. On the left, a game client communicates through a static IP endpoint provided by AWS Global Accelerator, which connects to up to 10 AWS Regions within the AWS global network. Traffic is protected by AWS Shield Advanced, which mitigates DDoS incidents at the edge. The traffic then flows to an ALB, which handles routing based on health checks and load-balancing algorithms. On the right, the backend targets include Amazon EC2 Auto Scaling for scalable compute instances, Amazon EKS for Kubernetes workloads, AWS Fargate for containerized tasks, and Amazon ECS for container orchestration.

Figure 3: A modernized game backend where game client traffic is routed through a static IP endpoint provided by AWS Global Accelerator, protected by AWS Shield Advanced, and forwarded to an ALB, which distributes traffic to game server targets such as Amazon EC2 Auto Scaling, Amazon EKS, AWS Fargate, or Amazon ECS.

AWS Global Accelerator can modernize your backend services that use application load balancers or network load balancers. Placing an accelerator in front of your backend services improves the performance and reliability of authentication, matchmaking, messaging, and other gaming services. Global Accelerator incorporates built-in health checks for ALBs and NLBs by using the load balancers’ target group health checks. It considers an NLB or ALB healthy if all load balancer target groups in the Availability Zone (AZ) are healthy, so that player traffic is routed to the closest healthy AWS Region available.

Global Accelerator also streamlines DNS management by providing a default DNS name that points to two static IP addresses. You can use this in your client DNS configurations without worrying about future updates or downtime if your backend services change. Global Accelerator also allows users to map custom domain names to their accelerators.

When Global Accelerator is added to front legacy infrastructure, your game operation teams can explore further modernization opportunities. A deployment pattern that AWS recommends as a best practice for deploying new architectures is the canary deployment approach. This method reduces the risk of deploying a new version of your game backend that could impact the player experience.

This diagram shows the use of AWS Global Accelerator traffic dials for canary deployments in a game backend architecture. On the left, end-user requests are routed through AWS Global Accelerator, which connects to multiple AWS Regions. AWS Shield Advanced provides DDoS protection at the edge. Traffic is split using Global Accelerator traffic dials: 20% is routed to a modernized V2 serverless architecture utilizing an Application Load Balancer and AWS Fargate; 40% is routed to a V1 legacy architecture using an Application Load Balancer and Amazon EC2 instances; and another 40% is directed to a second instance of the V1 legacy architecture with the same setup. This configuration allows gradual testing of the serverless implementation with a subset of traffic while maintaining reliability and scalability through the legacy systems.

Figure 4: How AWS Global Accelerator traffic dials enable canary deployments by directing a portion of player traffic to a modernized serverless architecture using AWS Fargate, while the remaining traffic is routed to legacy architectures running on Amazon EC2 instances.

Global Accelerator traffic dials allow you to redirect a percentage of traffic to specific endpoints. The percentage is applied only to traffic that is already directed to the endpoint group, not to all listener traffic. Game operation teams can implement this pattern on Global Accelerator to adjust traffic dials and route player connections to new endpoints for the modern game backend. This process introduces the new game experience to players gradually.

As your teams gain confidence in the deployment, they can replace the current version entirely by shifting traffic away from the legacy endpoints. For example, your teams could build a new serverless architecture to replace a traditional authentication flow and expose a new endpoint accessible to a portion of users. As feedback is collected from the new player experience, teams can continue to update the new architecture and gradually increase traffic dials to send 100 percent of players to the new endpoints.

The power of this pattern lies in its ability to continuously evolve the architecture into a modern platform without compromising player traffic.

Setting up Amazon Global Accelerator for your game

It is possible to deploy an accelerator in front of your existing infrastructure using infrastructure as code (IaC). If your team uses AWS Cloud Development Kit (AWS CDK), you can leverage the Global Accelerator construct in AWS CDK. The following example shows how to use HashiCorp Terraform to deploy an accelerator that will front an existing load balancer:

# ARN of the existing load balancer that the accelerator will front
variable "aws_lb_arn" {
  type = string
}

# An accelerator is defined
resource "aws_globalaccelerator_accelerator" "aga_frontend" {
  name            = "game-backend-accelerator"
  ip_address_type = "IPV4"
  enabled         = true
}

# Protocol and port ranges for traffic are set
resource "aws_globalaccelerator_listener" "aga_frontend" {
  accelerator_arn = aws_globalaccelerator_accelerator.aga_frontend.id
  protocol        = "TCP"

  port_range {
    from_port = 50504
    to_port   = 50504
  }
}

# Target endpoints are added to the configuration
resource "aws_globalaccelerator_endpoint_group" "aga_frontend" {
  listener_arn = aws_globalaccelerator_listener.aga_frontend.id

  endpoint_configuration {
    endpoint_id = var.aws_lb_arn
    # With preservation disabled, the load balancer sees Global Accelerator
    # addresses as the connection source instead of the player's IP address
    client_ip_preservation_enabled = false
    weight                         = 100
  }
}

Once AWS Global Accelerator is deployed, you can enable it in your game clients. For this, you can leverage its static IP addresses as targets for DNS resolution. Live services are typically accessible through a URL that maps to a DNS A record. This URL serves as a connection target, and its DNS record can be pointed to the two static IP addresses that are provided by Global Accelerator. This redirects traffic through the accelerator instead of directly reaching the legacy resources.

DNS routing can be achieved by using Amazon Route 53 to provision a DNS zone and create the required record targets. This approach allows you to split your game backend into cells and introduce new accelerators for redirecting your game services. By doing so, you improve reliability through the use of health checks, which route player connections to healthy Regions. Additionally, this method is ideal for setting up cellular architectures for your game services, which may need to be broken down into individual cells to isolate the blast radius when major incidents occur.
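
The canary shift and the DNS cutover described above, written as one Terraform configuration. This is an added example, not code from the original article: it splits traffic with per-endpoint weights inside a single endpoint group (the group's traffic dial stays at 100), and every resource name, variable and the 80/20 split is an assumption. Both load balancers are assumed to be in the Region of the endpoint group.

```hcl
# Added example; all names, variables and values below are assumptions.
variable "legacy_alb_arn" { type = string } # existing V1 ALB (EC2 targets)
variable "modern_alb_arn" { type = string } # new V2 ALB (Fargate targets)
variable "zone_id" { type = string }        # Route 53 hosted zone
variable "record_name" { type = string }    # hostname the game client resolves
variable "canary_weight" {
  type    = number
  default = 20
  validation {
    condition     = var.canary_weight >= 0 && var.canary_weight <= 100
    error_message = "canary_weight must be between 0 and 100."
  }
}

resource "aws_globalaccelerator_accelerator" "canary" {
  name            = "game-backend-canary"
  ip_address_type = "IPV4"
  enabled         = true
}

resource "aws_globalaccelerator_listener" "canary" {
  accelerator_arn = aws_globalaccelerator_accelerator.canary.id
  protocol        = "TCP"
  port_range {
    from_port = 50504
    to_port   = 50504
  }
}

resource "aws_globalaccelerator_endpoint_group" "canary" {
  listener_arn            = aws_globalaccelerator_listener.canary.id
  traffic_dial_percentage = 100 # applies to traffic already routed to this group
  endpoint_configuration {
    endpoint_id = var.legacy_alb_arn # V1 legacy backend keeps the remainder
    weight      = 100 - var.canary_weight
  }
  endpoint_configuration {
    endpoint_id = var.modern_alb_arn # V2 backend receives the canary share
    weight      = var.canary_weight
  }
}

# A record for the client hostname, pointing at the accelerator's two static IPs
resource "aws_route53_record" "backend" {
  zone_id = var.zone_id
  name    = var.record_name
  type    = "A"
  ttl     = 300
  records = aws_globalaccelerator_accelerator.canary.ip_sets[0].ip_addresses
}
```

Raising `canary_weight` in steps and re-applying moves more of the group's traffic to the V2 endpoint; at 100 the legacy endpoint has weight 0 and receives none.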

Pricing

AWS Global Accelerator pricing is designed to be both transparent and scalable. The Global Accelerator pricing model includes three components: a fixed hourly fee when an accelerator runs in your account, a Data Transfer-Premium fee based on the dominant direction of traffic, and a charge for each public IPv4 address used with your accelerators.

In our Guidance for Game Server Hosting using Agones and Open Match on Amazon EKS, Global Accelerator accounted for approximately five percent of the total monthly spend for hundreds of concurrent players. While this proportion seems modest, costs scale significantly with larger player counts due to the Data Transfer Premium (DT-Premium) fee, assessed for each gigabyte of data transferred. As concurrent players and real-time data throughput grow, this fee will increase proportionally.

Fixed costs remain constant, but DT-Premium grows with your game’s popularity and user engagement. For games with high concurrency potential, model scenarios based on projected peak players and data transfer volumes to anticipate cost evolution.

Despite scaling costs, the performance benefits of AWS Global Accelerator often justify the investment. Work with your AWS account team to optimize architecture for both performance and cost-efficiency as your concurrent player base grows.

Conclusion

We explored the benefits of AWS Global Accelerator when modernizing a legacy game service’s platform. Global Accelerator enables the adapter pattern and creates a facade that isolates your legacy workload from the outside world while maintaining the interface between player clients and your platform. This provides you the opportunity to create new architecture and use traffic dials to shift player traffic gradually to the new architecture.

Contact an AWS Representative to know how we can help accelerate your business.

Author: Serge Poueme