Games Cloudfront.net — [work]

Latency drops from ~150ms (cross-Pacific) to ~5ms (local edge). CloudFront terminates TLS connections at the edge. This is massive. The CPU-heavy TLS handshake happens inside AWS’s custom Nitro hardware, not on the studio’s patch server. For a game launching a 10GB update, this reduces origin load by 99.9% and allows thousands of simultaneous connections without breaking a sweat. 3. Byte-Range Requests & Partial Downloads Modern game launchers (Steam, Epic, Riot Client) use patching , not full downloads. A 50GB game might only need 2GB of changed data. CloudFront supports Range: headers. The launcher asks:

curl -I https://games.cloudfront.net/fortnite/win/latest.exe Response headers (simplified): games cloudfront.net

Also, S3 has no DDoS protection. A single ab -n 100000 attack can spike your bandwidth bill. CloudFront absorbs it. The most advanced studios do not just serve static files from games.cloudfront.net . They attach Lambda@Edge functions. These are JavaScript/Python scripts that run at the edge, before the cache lookup. Latency drops from ~150ms (cross-Pacific) to ~5ms (local

But many studios skip this. Performance > paranoia. And because patches are large and public by nature, they accept the risk. You could serve game assets directly from an S3 bucket with s3-website enabled. But S3 has no edge caching. Every request hits the bucket’s region (e.g., us-east-1 ). A player in Australia experiences 200ms latency. CloudFront drops that to 20ms. The CPU-heavy TLS handshake happens inside AWS’s custom