AC Gaming: iGaming & Sportsbook Platform Migration from GCP to AWS with AI Enablement

Customer Background

AC Gaming is a Southeast Asian iGaming operator delivering sportsbook, casino, and player engagement services across the region. The platform was originally hosted on Google Cloud Platform (asia-southeast1) and faces dual operational pressures: scaling compute fast enough to absorb traffic spikes during major sporting events, kick-offs, jackpots, and promotional campaigns, and keeping the payments and wallet ledger auditable and resilient under strict regulatory expectations.

Business Challenge

AC Gaming's iGaming and sportsbook platform on Google Cloud supported initial business growth but was now constrained by scaling pressures, governance gaps, and a strategic need to introduce AI-driven fraud detection and personalization. The wallet and payments ledger required stronger audit trails and Multi-AZ resilience than the existing environment could deliver.

Key Challenges:

• Traffic Spike Absorption: Compute capacity struggled to scale fast enough during kick-offs, jackpots, and promotions, putting player experience and revenue at risk
• Wallet & Payments Resilience: The wallet ledger required auditable, Multi-AZ resilience and stronger isolation to meet regulatory expectations for financial transactions
• Fragmented Governance: GCP environment lacked the multi-account isolation and centralized security tooling needed for a regulated iGaming operator
• Limited AI Capabilities: No native fraud detection, real-time personalization, or generative AI services for player engagement, content, and risk operations
• Operational Risk: Manual security controls, fragmented monitoring, and lack of a Zero Trust baseline increased operational and compliance exposure
• Audit & Compliance: Insufficient centralized audit trails and security findings aggregation across environments and workloads

AWS Solution

DG Global Technology designed a comprehensive multi-account AWS architecture aligned with the AWS Well-Architected Framework, AWS Security Reference Architecture, and MAP best practices. The solution deploys a 19-account Control Tower Landing Zone in ap-southeast-1 (Singapore), with two shared accounts (Security and Network) and six workload accounts (AI Services, Betting, Sportsbook, Wallet, Player, ERP System), each replicated across Development, Stage, and Production environments.

AWS Services Utilized

Architecture Highlights

• 19-Account Landing Zone: AWS Control Tower environment in ap-southeast-1 — Security and Network shared accounts plus 18 workload accounts (6 workloads × Dev/Stage/Prod) with delegated admin and SCPs
• Zero Trust Security Model: Dedicated Security Account as the central pane of glass for GuardDuty, Security Hub, AWS Config, Firewall Manager, Secrets Manager, EventBridge, and CloudTrail
• AI-Native Platform: Dedicated AI Services account hosting Amazon Bedrock, Amazon Fraud Detector for wallet and payments, Amazon Personalize for player engagement, and Kinesis for real-time event streaming
• Wave-Based Migration: Four sequential migration waves — Wave 0 (Pilot), Wave 1 (Data & Support Services), Wave 2 (Compute Accounts: Player, Sportsbook, Betting), Wave 3 (Wallet Account) — each with rehearsed cutover runbooks and documented rollback paths
• Network Foundation: Centrally managed Transit Gateway in the Network Account, AWS PrivateLink for PSP endpoints, NAT Gateway for outbound, and Route 53 with health-check-based failover
• Auditable Wallet Ledger: Wallet Account isolated with Multi-AZ Aurora, in-region cold-storage backup vault, and dedicated cutover runbook with documented write-cut and rollback procedures

Implementation Details

Timeline: 190 days starting 20 May 2026 — Mobilize phase (Days 1–56) plus four migration waves (Days 57–120) and AI enablement workstream
Team Size: DG Global Technology engineers (Solution Architects, Security Specialists, Cloud Engineers, AI Consultants) + AC Gaming Project Sponsor (Mr. Jackson SOK) and workload owners
Migration Strategy: Wave-based migration with Pilot (Wave 0), Data & Support Services (Wave 1), Compute Accounts (Wave 2), and Wallet Account (Wave 3) — each with Go/No-Go criteria and rollback paths

Key Implementation Phases

• Detailed Business Case: Produced the financial justification, motivator documentation, and MAP investment model anchored on USD $6.24M committed AWS ARR across 20 accounts
• Discovery & Application Assessment: Inventoried GCP workloads across Compute (GKE/GCE/Cloud Run), Database (Cloud SQL/Firestore/BigQuery), Networking, Security, Messaging, and Monitoring
• Landing Zone Buildout: Deployed 19-account Control Tower environment in ap-southeast-1 with delegated admin from the Security Account and Transit Gateway hub in the Network Account
• Security & Compliance: Implemented Zero Trust baseline — GuardDuty, Security Hub, AWS Config, Firewall Manager with delegated admin, Secrets Manager with 30-day auto-rotation
• AI Enablement Workstream: Stood up the AI Services account with Bedrock, Fraud Detector, Personalize, and Kinesis pipelines integrated with Wallet and Player workloads
• Wave 0 Pilot (Days 57–70): Validated the Landing Zone end-to-end with low-risk, non-balance-affecting workloads before production cutovers
• Wave 1 Data & Support Services (Days 71–85): Migrated supporting microservices and data platforms so downstream waves could run against real AWS-native dependencies
• Wave 2 Compute Accounts (Days 86–105): Migrated Player, Sportsbook, and Betting accounts with EKS-based container orchestration
• Wave 3 Wallet Account (Days 106–120): Highest-risk cutover executed last with detailed write-cut runbook, rollback procedure, and post-migration verification

Results and Benefits

Quantifiable Results

• Validated ARR: AWS Pricing Calculator–validated target steady-state spend of USD $520,009.70/month ($6,240,116.40 annualized) across the full 20-account structure
• Multi-AZ Resilience: Aurora regional Multi-AZ across 3 Availability Zones with in-region cold-storage backup vault for wallet and payments
• Zero Trust Security: Centralized security findings, audit trails, and policy enforcement across all 19 accounts via a dedicated Security Account
• AI Capabilities Unlocked: Real-time fraud detection on the wallet ledger, personalization for player engagement, and generative AI for content and risk operations
• Cost Optimization: Compute Savings Plans (1-year, no upfront) on baseline EKS fleet, Graviton ARM64, and Spot diversification on stateless workloads
• Wave-Based Risk Containment: Bounded blast radius per wave with rehearsed cutover runbooks and documented rollback paths back to GCP

Business Impact

• Traffic Spike Resilience: EKS Autoscaler plus Spot diversification absorb traffic spikes during kick-offs, jackpots, and promotions without manual intervention
• Auditable Wallet Operations: Wallet Account isolation, Multi-AZ Aurora, and centralized CloudTrail meet regulatory expectations for payments and ledger operations
• AI-Driven Player Experience: Personalized promotions, real-time fraud screening, and intelligent content workflows powered by Bedrock, Personalize, and Fraud Detector
• Operational Agility: 19-account isolation simplifies blast-radius management, cost allocation, and team-level ownership across Betting, Sportsbook, Wallet, Player, and ERP
• Regulatory Posture: Zero Trust security, centralized audit logging, and Multi-AZ resilience strengthen AC Gaming's position with regulators and PSP partners
• Future-Ready Platform: AWS-native AI services, EKS-based compute, and Aurora foundation positioned AC Gaming for next-phase regional expansion

About DG Global Technology

DG Global Technology is an AWS Advanced Consulting Partner and Managed Service Partner specializing in enterprise cloud transformation across ASEAN markets. With 50+ AWS certifications and 5+ years of partnership experience, we deliver comprehensive managed services including 24/7 monitoring, proactive optimization, security management, and cost governance.