6 lessons game developers can learn from Epic Games’ cloud governance strategy
This blog is co-written by Reza Nikoopour, Principal Engineer, Cloud Governance at Epic Games.
For game studios large and small, a smart cloud governance strategy can go a long way in reducing costs and increasing security for a live service game. The following are a few key learnings from Epic Games’ work with Amazon Web Services that game developers should consider when developing a cloud governance strategy.
Since the launch of Fortnite in 2017, Epic’s player base has reached 500 million registered accounts. Fortnite was built on Amazon Web Services, using services like Amazon Elastic Compute Cloud (Amazon EC2) for its backend infrastructure. Today, Epic continues to rely on Amazon Web Services technologies to support its worldwide game server fleet.
With Amazon Web Services, Epic can automatically scale compute capacity based on fluctuations in player demand as the game continues to grow.
“Amazon Web Services was instrumental in providing us guidance as we navigated forming a cloud governance group at Epic. We’ve been able to reduce our cloud spend by about 20 percent, and have better resource visibility across the board.” – Shane Smith, VP of Technology Services at Epic Games.
This is thanks, in part, to an initiative that kicked off in 2022 to achieve cloud efficiency, not just proficiency, and digitally transform Epic’s backend to better support new evolutions of Fortnite.
Establish guardrails
Game developers often dream of releasing a smash hit title, but popularity can be tough to predict. Effective strategies for tagging, permission management, and cloud resource governance often cannot be prioritized during ramp-up mode. Then, when a game quickly climbs the charts, a developer’s focus is almost entirely directed at maintaining the experience.
Cloud governance, however, is crucial as it provides a set of rules, processes, and reports that guide an organization’s best practices. Taking time to ensure visibility into cloud resources across the board and understanding a game’s critical paths can better position developers for long-term success.
Tap into Amazon Web Services expertise
In its quest to improve cloud governance, Epic formed a steering committee with internal technical leadership and representatives from its Amazon Web Services account team. Early committee discussions included cloud maturity and best practices, and how Amazon Web Services could help Epic be more operationally efficient. From there, Epic worked closely with Amazon Web Services Professional Services and their Amazon Web Services Customer Solutions Manager. They assembled a diverse group of cloud enthusiasts from across the company to create the Cloud Governance team, also known as a cloud center of excellence (CCoE).
Understand ownership
To make meaningful changes, Epic needed a standard way to interface with engineers and developers working in Amazon Web Services accounts to determine ownership. The Cloud Governance team identified a group of people responsible for each account and then created real-time communication channels to easily exchange information. This foundation enabled Epic to build and enforce additional controls across their cloud environment.
Grant access
Epic’s Cloud Governance team focused on providing self-service access requests to Amazon Web Services using a combination of GitHub, Okta, SailPoint, and Amazon IAM Identity Center. GitHub holds the infrastructure as code that defines users’ Amazon Identity and Access Management (IAM) roles and where they are deployed. Amazon IAM Identity Center distributes the standard IAM roles across Epic’s Amazon Web Services accounts. Okta provides identity and group memberships that control access to roles in accounts. SailPoint enables account managers to approve or deny access requests to their accounts.
Automate configuration
After working out self-service access and permissions, Epic’s Cloud Governance team used Amazon Step Functions to deploy the baseline configuration of every account in Epic’s environment. This ranges from deploying default constructs, like IAM roles, to cost-prevention measures, such as enabling log expirations for all Amazon Lambda functions. It also includes security measures, like enabling Amazon Elastic Block Store (Amazon EBS) encryption by default in every region. By using Amazon Step Functions and Amazon Lambda, Epic can now focus on core configuration tasks without workflow orchestration concerns and be confident that every account is properly configured.
Enforce standards
Before Epic’s Cloud Governance team could implement policies, they first had to establish the right mechanisms, so Epic partnered with a governance solution provider. Epic forwards events from all accounts using Amazon EventBridge into a single location to inspect and act on. As a result, the Cloud Governance team can enforce a minimum set of tags that provide ownership and cost attribution information.
Enforcement happens immediately and automatically removes resources that are missing the required tags from Epic’s environment. The team set up similar enforcement mechanisms for Amazon Relational Database Service (Amazon RDS) and Amazon ElastiCache, requiring these services to run on cost-efficient Amazon Web Services Graviton instance types, while allowing for exceptions by request. Whenever a resource is impacted by an automated policy, it triggers notifications to relevant stakeholders for visibility.
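The tag and instance-type checks described above, as an added example (not Epic's or its governance provider's code): a policy evaluator run over constructed events. The required tag keys, the simplified `detail` fields, the `remediate` action label and the Graviton family-name heuristic are all assumptions.

```python
import re

# Assumed policy values; the post does not name Epic's required tag keys.
REQUIRED_TAGS = {"owner", "cost-center"}
GRAVITON_ONLY = {"rds", "elasticache"}  # the two services named in the post
# Heuristic: Graviton families have "g" right after the generation digit
# (m6g, r6gd, t4g); x86 and GPU families such as m5 or g4dn do not match.
GRAVITON_FAMILY = re.compile(r"^[a-z]+\d+g[a-z]*$")

def is_graviton(instance_class):
    parts = instance_class.lower().split(".")
    prefixed = parts[0] in ("db", "cache") and len(parts) > 1
    return bool(GRAVITON_FAMILY.match(parts[1] if prefixed else parts[0]))

def evaluate(event, exceptions=frozenset()):
    """Decide what to do with one forwarded resource-creation event."""
    detail, account = event["detail"], event["account"]
    # Keys compare case-insensitively; a blank value counts as missing.
    tags = detail.get("tags") or {}
    present = {k.lower() for k, v in tags.items() if str(v).strip()}
    missing = sorted(REQUIRED_TAGS - present)
    findings = ["missing tags: " + ", ".join(missing)] if missing else []
    cls = detail.get("instanceClass")
    # An approved exception waives the Graviton rule only, never the tags.
    if (detail["service"] in GRAVITON_ONLY and cls and not is_graviton(cls)
            and (account, detail["resourceId"]) not in exceptions):
        findings.append("non-Graviton instance class: " + cls)
    # The post states removal for missing tags; "remediate" is an assumed
    # label for whatever the Graviton policy does.
    action = "remove" if missing else "remediate" if findings else "allow"
    return {"account": account, "resource": detail["resourceId"],
            "action": action, "notify": bool(findings), "findings": findings}

def sample(account, service, rid, tags, cls=None):
    """Constructed event: EventBridge envelope, simplified hypothetical detail."""
    return {"source": "aws." + service, "account": account,
            "detail": {"service": service, "resourceId": rid,
                       "tags": tags, "instanceClass": cls}}

EVENTS = [  # constructed sample input, not real account data
    sample("111111111111", "ec2", "i-constructed-1", {"Owner": "team-a", "cost-center": "1234"}),
    sample("111111111111", "rds", "db-constructed-1", {"owner": "team-b"}, "db.m5.large"),
    sample("222222222222", "elasticache", "cache-constructed-1",
           {"owner": "team-c", "cost-center": "5678"}, "cache.r6g.large"),
    sample("222222222222", "rds", "db-constructed-2",
           {"owner": "team-c", "cost-center": " "}, "db.r5.xlarge"),
]
DECISIONS = [evaluate(e) for e in EVENTS]
```
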
In addition to the preceding real-time enforcements, Epic wanted to include scanning infrastructure as code (IaC) changes as they happened. Epic introduced a required workflow that runs in every GitHub organization whenever IaC changes are detected in a pull request. Any issues discovered are directly commented on in the pull request. This puts information directly into the developers’ workflows so they can fix issues before they are deployed.
Wrapping up
With an introspective look at its people, processes, and technology, Epic has made meaningful progress on its cloud governance journey and realized great results.
In addition to realizing cost savings, Epic also now has better resource visibility, with nearly 100 percent of Amazon Web Services resources tagged in both production and development accounts. Continuous, vigorous auditing of permissions and better-centralized tracking have also strengthened Epic’s security, continuing to drive positive cultural change across the company.
For game developers interested in learning more about smart cloud governance strategies, check out how other companies have determined best cloud practices. Contact an Amazon Web Services Representative to learn how we can help accelerate your business.