Brazil Campaign Surface

The Backend of Luck Brazil

The technical collection for Brazil's regulated betting market

7 products · 1890 pages · Brazil-first message · from €34.90
Built for founders, operators, compliance leaders, and engineering teams launching into Brazil with PIX, SIGAP, regulated infrastructure, and real operational playbooks.

Start at €34.90 arrow_forward sports_soccer Bet Brazil Sportsbook See Brazil Thesis trending_up
dashboard Operator Dashboard cloud Casino Lobby (Cloudflare) casino Brazil Casino Lobby Explore the Collection
Go Python TypeScript Terraform Kubernetes Kafka PostgreSQL Redis Docker Cloudflare Workers Neo4j FastAPI
0
Products
0
Pages
0
Chapters
0
Jurisdictions
What You'll Learn

Master Every Layer of iGaming Engineering

From RNG internals to multi-jurisdiction compliance, this book covers the full stack of real-money gaming systems.

architecture

Platform Architecture

Microservices in Python + Go, Kafka KRaft event streaming, CQRS, and domain-driven patterns for casino, poker, sportsbook, and Brazilian betting platforms.

account_balance_wallet

Payment Processing & PIX

PIX-native Brazilian payments (96% of transactions), multi-PSP orchestration (Celcoin, Transfeera, Stark Bank), payment state machines, and closed payment loop compliance.

lock

Security & Compliance

GLI-GSF certification, Wazuh SIEM, AWS GuardDuty, WAF for 3 environments, Argon2id password hashing (OWASP 2024), TDE encryption, fraud detection, HSM key management, and AML/KYC pipelines.

bolt

Real-Time Systems & Kafka

Kafka KRaft event streaming (no Zookeeper), live casino streaming, WebSocket odds feeds, SIGAP real-time reporting, and sub-100ms bet settlement.

settings_suggest

Infrastructure as Code

Terraform, Terragrunt, Ansible, multi-account AWS, Kubernetes operators, and GitOps workflows.

person_pin

Player Management

VIP engines, bonus abuse detection, responsible gaming controls, self-exclusion systems, and CRM integration.

bar_chart

Data & Analytics

Real-time dashboards, player LTV prediction, churn modeling, data warehousing, and regulatory reporting.

terminal

DevSecOps

CI/CD pipelines, container security, SAST/DAST, secret management, and zero-trust network architecture.

gavel

Regulatory Framework

112+ jurisdictions covered. UKGC, MGA, Curacao, Brazil, US state-by-state, and APAC licensing requirements.

security

Hardware Security & Encryption

YubiHSM 2 FIPS (validated scripts), Argon2id password hashing, TDE on PostgreSQL + MariaDB, key hierarchy design, mTLS certificate chains, and WireGuard VPN.

cloud

Cloudflare Workers Edge

Complete iGaming backend on Cloudflare Workers — authentication, wallet, KYC, compliance, security.ts WAF, CI/CD pipelines — with sub-20ms global latency. 40 casino games live.

stream

Kafka KRaft Mode

Event streaming without Zookeeper — 11-container production stacks using Kafka KRaft, reducing operational complexity and failure domains.

inventory_2

Docker Security Hardening

Rootless containers, seccomp profiles, AppArmor policies, image signing, and supply-chain attestation for iGaming production environments.

sports_soccer

Sports Betting Architecture

4-phase sportsbook: pre-match, live in-play, cashout, bet builder. Brazilian competitions (Brasileirão, Copa do Brasil, Libertadores). SIGAP compliant.

smart_toy

AI Governance & EU AI Act

EU AI Act compliance for iGaming: model registry, bias detection, algorithmic transparency, and responsible AI deployment patterns.

shield

SIEM & SOC Operations

Wazuh SIEM, AWS GuardDuty + Security Hub, WAF across 3 environments, and SOC dashboard with live threat monitoring.

account_balance

Financial Truth

Double-entry ledger, treasury float management, automated reconciliation with 4 release-gate scripts.

hub

Supplier Control

Callback replay testing, circuit breakers, capability matrix, degradation handling.

verified_user

Compliance Evidence

KYC lifecycle, encrypted evidence store, geofencing, jurisdiction matrix with 55 test scenarios.

assignment

Workflow Operations

Case management, notifications, disputes/chargebacks, SLA monitoring.

monitoring Live Platforms Included

Open the Live Platforms While You Read

Every architecture pattern in the book has a live counterpart you can inspect. Open the operator dashboard, browse the Brazil-regulated casino lobby, or explore the sportsbook — all running the same compliance, infrastructure, and operational flows described in the chapters.

dashboard
Operator Dashboard
18 modules covering Brazil Ops, finance, PAM, AML, responsible gaming, VIP workflows, and real-time platform health.
casino
Brazil Casino Lobby
12 games under Lei 14.790 compliance — PIX payments, CPF verification, SIGAP reporting, and 30-min geolocation checks.
dns
Infrastructure Signals
Cloudflare edge telemetry, Kafka cluster health, API status, cache-backed summaries, and runtime controls.
verified
Compliance Surfaces
KYC, AML, RG, fraud detection, audit-oriented flows — the operational surfaces engineers actually build and maintain.
dashboard Operator Dashboard casino Brazil Casino Lobby sports_soccer Bet Brazil Sportsbook

All platforms are live simulations for educational purposes — no real money involved.

What You Can Inspect
  • 18 operator-facing dashboard modules
  • Brazil-regulated lobby with Lei 14.790 compliance
  • Kafka, API, cache and service health views
  • Finance, wallet, PAM and game controls
  • Sportsbook with Brazilian market odds
Live Companion

Use these platforms alongside the book while reading the architecture, operations, fraud, compliance, and infrastructure chapters.

new.acmetocasino.com/dashboard.html
Code Preview

Production-Grade Code Samples

Every pattern comes with battle-tested, copy-paste-ready implementations.

# PIX Payment Gateway — Multi-PSP orchestration with automatic failover
class PixPaymentGateway:
    """Brazilian PIX payment processing with PSP routing and fraud detection.
    Handles 96% of all betting transactions via instant PIX transfers."""

    PROVIDERS = [
        PSPConfig("celcoin",   weight=40, max_latency_ms=2000),
        PSPConfig("transfeera", weight=35, max_latency_ms=1500),
        PSPConfig("starkbank",  weight=25, max_latency_ms=3000),
    ]

    async def process_deposit(self, req: PixDepositRequest) -> PaymentResult:
        # Parallel compliance checks
        risk_score, kyc, limits, velocity = await asyncio.gather(
            self.fraud_checker.evaluate(req.cpf, req.amount),
            self.compliance.check_kyc(req.cpf),
            self.wallet.check_deposit_limits(req.cpf, req.amount),
            self.aml.velocity_check(req.cpf, req.amount),
        )

        if risk_score > 0.85:
            return PendingReview(tx_id=gen_tx_id(), risk_score=risk_score)
        if not kyc.approved:
            raise KYCRequiredError(req.cpf)
        if not limits.within_limits:
            raise DepositLimitExceeded(limits)

        # Route to PSP with circuit breaker + fallback
        provider = self.select_provider(req.currency)
        return await self.route_to_psp(req, provider)

    async def route_to_psp(self, req, provider: PSPConfig) -> PaymentResult:
        async with CircuitBreaker(provider.name, max_failures=3, reset_s=30):
            try:
                return await provider.adapter.create_pix_charge(req)
            except PSPConnectionError:
                return await self.route_to_psp(req, self.next_provider(provider))
# Player credit analysis with ML-powered risk assessment
class CreditAnalysisEngine:
    """Real-time player creditworthiness and risk scoring pipeline.
    Processes 50K+ evaluations/minute with P99 latency < 15ms."""

    def __init__(self, model_registry: ModelRegistry, redis: Redis):
        self.risk_model = model_registry.load("player-risk-v3", version="production")
        self.velocity_tracker = VelocityTracker(redis, windows=[1, 5, 15, 60])  # minutes
        self.geo_enricher = MaxMindGeoIP("/data/GeoLite2-City.mmdb")

    async def evaluate(self, player_id: str, amount: Decimal) -> CreditDecision:
        # Parallel feature extraction
        features = await asyncio.gather(
            self._player_history(player_id),
            self._velocity_features(player_id, amount),
            self._device_fingerprint(player_id),
            self._geo_risk(player_id),
        )
        player_hist, velocity, device, geo = features

        # ML risk scoring
        risk_vector = self.risk_model.predict({
            "lifetime_deposits":     player_hist.total_deposits,
            "lifetime_withdrawals":  player_hist.total_withdrawals,
            "avg_session_duration":  player_hist.avg_session_mins,
            "deposit_velocity_1m":   velocity.deposits_1m,
            "deposit_velocity_15m":  velocity.deposits_15m,
            "device_age_days":       device.first_seen_days,
            "geo_risk_score":        geo.country_risk,
            "amount_vs_avg":         float(amount / max(player_hist.avg_deposit, Decimal("1"))),
        })

        return CreditDecision(
            approved=risk_vector.score < 0.7,
            risk_score=risk_vector.score,
            risk_factors=risk_vector.top_factors,
            credit_limit=self._calculate_limit(player_hist, risk_vector),
            velocity_flags=velocity.flags,
            requires_enhanced_dd=risk_vector.score > 0.5,
        )
# Multi-region payment processing infrastructure
# Terraform + Kubernetes for PCI-DSS compliant deployment

module "payment_cluster" {
  source = "./modules/pci-cluster"

  cluster_name  = "payment-${var.environment}"
  region        = var.primary_region
  node_count    = var.environment == "production" ? 6 : 2
  instance_type = "c6i.2xlarge"  # Compute-optimized for crypto ops

  # PCI-DSS Network Isolation
  vpc_cidr        = "10.100.0.0/16"
  private_subnets = ["10.100.1.0/24", "10.100.2.0/24", "10.100.3.0/24"]
  enable_flow_logs = true
  encrypt_at_rest  = true
  hsm_enabled      = true  # CloudHSM for key management

  # Multi-provider gateway configuration
  payment_gateways = {
    stripe = { weight = 40, regions = ["eu-west-1", "us-east-1"] }
    adyen  = { weight = 35, regions = ["eu-central-1"] }
    nuvei  = { weight = 25, regions = ["eu-west-1"] }
  }

  # Automatic failover with health checks
  health_check_interval   = 10
  failover_threshold      = 3
  circuit_breaker_timeout = "30s"
}

module "tokenization_vault" {
  source = "./modules/vault-transit"

  name          = "card-tokenization"
  auto_unseal   = true
  ha_enabled    = true
  audit_logging = true  # PCI-DSS Requirement 10

  transit_keys = {
    card_pan = { type = "aes256-gcm96", min_decryption_version = 1 }
    card_cvv = { type = "aes256-gcm96", exportable = false }
    pii_data = { type = "rsa-4096",     allow_plaintext_backup = false }
  }
}
# PIX Withdrawal processor with AML checks and closed payment loop
class WithdrawProcessor:
    """Process PIX withdrawals with multi-step verification.
    Enforces Portaria 615/2024 closed payment loop (CPF ↔ bank account)."""

    async def process(self, req: WithdrawalRequest) -> WithdrawalResult:
        # Step 1: Balance verification (SERIALIZABLE isolation)
        wallet = await self.store.get_for_update(req.cpf)
        if wallet.available_balance < req.amount:
            return WithdrawalResult.insufficient_funds(wallet.available_balance)

        # Step 2: Closed payment loop (Portaria 615/2024)
        if not await self.closed_loop.verify_cpf_owns_account(req.cpf, req.pix_key):
            raise ClosedLoopViolation(req.cpf, req.pix_key)

        # Step 3: AML screening (COAF thresholds)
        aml = await self.aml.screen(cpf=req.cpf, amount=req.amount, window_hours=24)
        if aml.flagged:
            await self.kafka.publish("platform.aml.alerts", AMLAlertEvent(req, aml))
            await wallet.hold_funds(req.amount, reason="AML_REVIEW")
            return WithdrawalResult.pending_review(aml.reason)

        # Step 4: Execute PIX payout via PSP with retry
        await wallet.debit(req.amount, tx_type="WITHDRAWAL")
        payout = await self.psp_router.send_pix_payout(req, retries=3)
        await self.kafka.publish("sigap.withdrawal.events", payout)

        return WithdrawalResult.success(tx_id=payout.tx_id, eta=payout.eta)
# Multi-role security hardening with CIS benchmarks
# Automated deployment across Ubuntu/CentOS with rollback safety
---
- name: Deploy CIS Security Hardening
  hosts: all
  become: true
  gather_facts: true

  pre_tasks:
  - name: Validate deployment prerequisites
    assert:
      that:
      - ansible_version.full is version('2.10', '>=')
      - ansible_os_family in ['Debian', 'RedHat']
      fail_msg: "Deployment prerequisites not met"

  - name: Create deployment audit log
    file:
      path: "/var/log/ansible-improvements/{{ ansible_date_time.epoch }}-security.log"
      state: touch
      mode: '0644'

  roles:
  - role: cis-hardening-ubuntu
    when: ansible_distribution == "Ubuntu"
    tags: [ 'cis-ubuntu' ]

  - role: cis-hardening-centos
    when: ansible_distribution == "CentOS" or ansible_distribution == "RedHat"
    tags: [ 'cis-centos' ]

  - role: postgresql-security
    tags: [ 'postgresql-hardening' ]

  - role: kubernetes-security
    tags: [ 'k8s-hardening' ]

  - role: docker-security
    tags: [ 'docker-hardening' ]

  - role: encryption-security
    tags: [ 'encryption' ]

  - role: password-rotation
    tags: [ 'password-rotation' ]

  - role: security-monitoring
    tags: [ 'monitoring' ]

  post_tasks:
  - name: Generate CIS compliance report
    template:
      src: deployment-report.j2
      dest: "/var/log/ansible-improvements/{{ ansible_date_time.epoch }}-report.html"

  - name: Trigger vulnerability scan post-deployment
    uri:
      url: "{{ trivy_webhook_url }}/scan"
      method: POST
      body_format: json
      body:
        targets: "{{ groups['all'] | map('extract', hostvars, 'inventory_hostname') | list }}"
        scan_type: "infrastructure"
    when: trivy_integration_enabled | default(false)
# Hardware Security Module management for payment key custody
# Supports YubiHSM 2, Nitrokey HSM 2, and SoftHSM fallback

class HSMType(Enum):
    YUBIHSM2 = "yubihsm2"
    NITROKEY = "nitrokey"
    SOFTHSM  = "softhsm"

@dataclass
class HSMConfig:
    """PCI-DSS compliant key management configuration"""
    hsm_type:      HSMType
    connector_url: Optional[str] = None
    pkcs11_lib:    Optional[str] = None
    pin:           Optional[str] = None  # Retrieved from Vault at runtime
    slot:          Optional[int] = None

class HSMManager:
    """Unified interface for hardware security module operations.
    Used for payment card tokenization and transaction signing."""

    def __init__(self, config: HSMConfig):
        self.config  = config
        self.session = None

    def initialize(self) -> None:
        handlers = {
            HSMType.YUBIHSM2: self._init_yubihsm2,
            HSMType.NITROKEY: self._init_nitrokey,
            HSMType.SOFTHSM:  self._init_softhsm,
        }
        handlers[self.config.hsm_type]()

    def _init_yubihsm2(self) -> None:
        from yubihsm import HttpConnector, YubiHsm
        self.connector = HttpConnector(self.config.connector_url)
        self.hsm       = YubiHsm(self.connector)
        self.session   = self.hsm.create_session(1, self.config.pin)
        log.info(f"YubiHSM 2 initialized at {self.config.connector_url}")

    def generate_payment_key(self, label: str) -> str:
        """Generate AES-256 key for PCI-DSS card tokenization"""
        from yubihsm.objects import SymmetricKey
        key = SymmetricKey.generate(
            self.session,
            label=label,
            algorithm=Algorithm.AES256,
            capabilities=CAPABILITY.ENCRYPT_CBC | CAPABILITY.DECRYPT_CBC,
            domains=0x0001,
        )
        audit_log.record("key_generated", key_id=key.id, label=label)
        return key.id

    def sign_transaction(self, tx_hash: bytes, key_id: int) -> bytes:
        """ECDSA signing for payment transaction authorization"""
        key       = AsymmetricKey(self.session, key_id)
        signature = key.sign_ecdsa(tx_hash, hash=hashes.SHA256())
        audit_log.record("tx_signed", key_id=key_id, hash=tx_hash.hex()[:16])
        return signature
# Secure Data Destruction System — Master Orchestrator
# Production-grade market exit and emergency shutdown system
# Chapter 41: Nuclear Option — When It's Time to Leave

from enum import Enum
from dataclasses import dataclass
from typing import List, Optional, Callable


class DestructionPhase(Enum):
    SECURITY_DEVICES = "security_devices"   # YubiHSM + YubiKey first
    CLOUD_RESOURCES  = "cloud_resources"    # AWS Nuke in parallel
    INFRASTRUCTURE   = "infrastructure"     # Terraform + Ansible
    NETWORK          = "network"            # Meraki + MikroTik
    SELF_DESTRUCT    = "self_destruct"      # SEN500 destroys itself


@dataclass
class DestructionResult:
    phase:       DestructionPhase
    success:     bool
    audit_entry: str
    checkpoint:  Optional[str] = None


class MasterOrchestrator:
    """
    SDDS Master Orchestrator — activated via SMS trigger from Zymbit SEN500.
    Executes sequential destruction with rollback checkpoints and full audit trail.
    Compliant with 72-hour regulatory shutdown requirements.
    """

    PHASE_ORDER: List[DestructionPhase] = [
        DestructionPhase.SECURITY_DEVICES,
        DestructionPhase.CLOUD_RESOURCES,
        DestructionPhase.INFRASTRUCTURE,
        DestructionPhase.NETWORK,
        DestructionPhase.SELF_DESTRUCT,
    ]

    def __init__(self, force_mode: bool = False, dry_run: bool = False):
        self.force_mode = force_mode  # Destroy even powered-off machines
        self.dry_run    = dry_run
        self.audit_log  = ComplianceAuditLog()
        self.checkpoint = RollbackCheckpoint()

    async def orchestrate(self, authorization_token: str) -> List[DestructionResult]:
        """
        Execute full destruction sequence. Each phase is checkpointed before execution.
        In force_mode, machines that are powered off are still wiped via IPMI/iDRAC.
        Returns complete audit trail for regulatory submission.
        """
        await self._verify_authorization(authorization_token)
        self.audit_log.record("DESTRUCTION_INITIATED", token_hash=sha256(authorization_token))

        results = []
        for phase in self.PHASE_ORDER:
            checkpoint_id = await self.checkpoint.save(phase)
            result        = await self._execute_phase(phase, checkpoint_id)
            results.append(result)

            if not result.success and not self.force_mode:
                self.audit_log.record("PHASE_FAILED_HALTING", phase=phase.value)
                break

        self.audit_log.finalize()
        return results
Real Production Case Study

Scaling for the Super Bowl

The biggest single betting event on Earth. $7.61 billion wagered across 31.4 million bettors. 112.3 million viewers. 1 million+ bets per minute at peak. This chapter shows the exact infrastructure, architecture decisions, and war stories from scaling a real-money platform for the Super Bowl.

$7.6B
Total Wagered
112M
Viewers
17,920
vCPUs
$6.5M
Monthly Infra (est.)
Traffic Scaling
Regular NFL Sunday 50K TPS
NFL Playoffs 200K TPS
Super Bowl 1M+ TPS
!
War Story

During Super Bowl LV, a Kafka cluster upgrade was initiated mid-game. 90 seconds of stalled bet processing. Millions in pending wagers. The fix that saved the night — and the change-freeze policy that followed — is documented in Chapter 41.

Read the full case study
Infrastructure at Peak
Bare Metal Instances 20x u7in-32tb.224xlarge
Total RAM 655 TB
Network Bandwidth 4 Tbps
Kafka Throughput 10M msgs/sec
Database Cluster 384 vCPUs, 12 TB RAM
Peak Bets/Minute 1,000,000+
All figures estimated based on real production data — Super Bowl LVI (2022)
Resilience Engineering

Chaos Engineering for
Real-Money Systems

When a payment gateway fails at 2AM during peak hours with $2M in unprocessed withdrawals — your system must self-heal. This book teaches you how to build for that.

The Chaos Engineering Process

01
Steady State Hypothesis

Define normal: P99 latency < 200ms, payment success rate > 99.2%, no player-visible errors

02
Inject Failure

Kill a payment gateway, corrupt a Kafka partition, add 500ms network latency to the DB, trigger OOM on the RNG service

03
Observe Impact

Real-time dashboards track blast radius: affected players, stuck transactions, queue depth, error rates

04
Verify Resilience

Circuit breakers trip within 3s, traffic reroutes to backup provider, player sessions remain active, no fund loss

05
Improve & Automate

Document runbook, add to CI/CD pipeline as automated Game Day, reduce MTTR from hours to minutes

Real-World Chaos Scenarios from the Book

credit_card_off

Payment Gateway Cascade

Ch 12, 36

Primary payment provider goes down during peak deposits. Circuit breaker pattern with automatic failover to secondary provider within 3 seconds.

storage

Database Partition Split

Ch 27, 28a

PostgreSQL primary loses replication to read replicas. Write-ahead log replay ensures zero data loss. Automated promotion with health checks.

shield

DDoS During Live Event

Ch 19, 24

Layer 7 attack hits the platform during Champions League final. WAF rules, rate limiting, and edge caching protect 50K concurrent players.

casino

RNG Service Failure

Ch 17, 32

CSPRNG hardware module becomes unresponsive. Fallback to software PRNG with automatic GLI-19 compliance validation and player notification.

gavel

Regulatory Emergency

Ch 25, 40

New jurisdiction requires immediate geo-blocking. Automated compliance rules deploy in < 5 minutes across all edge nodes.

hub

Kafka Broker Loss

Ch 28a, 33

One of three Kafka brokers crashes. Partition rebalancing, consumer group recovery, and zero message loss verified via exactly-once semantics.

delete_forever Chapter 41 — Real Production System

When It's Time to Leave —
The Nuclear Option

Market exit, acquisition, regulatory shutdown, or security breach — when you need to destroy everything, you need a system that's been engineered for it. The book includes a complete, production-grade Secure Data Destruction System.

security
Control Layer Logically disconnected from network until activation
Zymbit SEN500
HSM6 hardware
SMS Auth Gateway
Trigger channel
Master Orchestrator
Sequencer engine
Audit Logger
Compliance trail
arrow_downward
key_off Security Layer
YubiHSM 2 FIPS
Destruction
YubiKey Tokens
Revocation
CA Revocation
All certs
Crypto Key Erase
All keystores
Backup Destroy
All replicas
arrow_downward
cloud_off Infrastructure Layer
AWS Nuke
Cloud resource destruction
Terraform Obliterator
IaC state teardown
Ansible Destroyer
Server cryptographic wipe
Meraki Eliminator
Network infrastructure
MikroTik Zeroizer
Router/firewall reset
self_improvement
Self-Destruct
SEN500 destroys itself last
sms SMS-triggered activation sync_alt Parallel cloud + on-premise destruction save Rollback checkpoints per phase receipt_long Comprehensive audit logging power_off Force mode (even powered-off machines) delete_forever Self-destruct capability
master_orchestrator.py 
class DestructionPhase(Enum):
    SECURITY_DEVICES = "security_devices"   # YubiHSM + YubiKey first
    CLOUD_RESOURCES  = "cloud_resources"    # AWS Nuke in parallel
    INFRASTRUCTURE   = "infrastructure"     # Terraform + Ansible
    NETWORK          = "network"            # Meraki + MikroTik
    SELF_DESTRUCT    = "self_destruct"      # SEN500 destroys itself
format_quote

This isn't theoretical. This is the exact system architecture used in regulated iGaming environments where market exits require complete, auditable data destruction within 72 hours of regulatory notification.

code Chaos Testing Scripts on GitHub code Secure Data Destruction on GitHub
auto_stories

Chaos Engineering principles are woven throughout Chapters 28a (Distributed Systems), 31 (Performance Benchmarks), 32 (Testing & QA), 33 (Operational Playbooks), 35 (Incident Management), 39 (Case Study: Security Incident Response), and 42 (War Stories — When Everything Goes Wrong).

New Chapter

Building a Brazilian Betting Platform

Brazil's regulated betting market is the most technically demanding in the world. Chapter 46 is the complete engineering guide — from SIGAP real-time reporting to PIX-native payments, CPF biometric verification, and 30-minute geolocation reverification.

15K+
Words
9
Microservices
11
Containers (Kafka KRaft)
8,800+
Lines of Code
100+
Tests
See Full Table of Contents arrow_downward Live Demo (Cloudflare) open_in_new
Microservices Architecture
person Player Account (PAM) Python
sports_soccer Betting Engine Go
account_balance_wallet Wallet (PIX-native) Go
pix SIGAP Reporter Python
shield AML / Fraud Detection Python
health_and_safety Responsible Gaming Python
PIX 96% CPF/KYC SIGAP Lei 14.790 .bet.br AWS sa-east-1 Cloudflare Workers
Full Table of Contents

47 Chapters Across 11 Parts

A complete journey from ecosystem fundamentals to production operations and beyond.

  • Ch 01 The Online Casino Ecosystem
  • Ch 02 Regulation and Compliance Landscape
  • Ch 03 Global Market Analysis
  • Ch 04 Market Analysis & Industry Players
  • Ch 05 Differences Between Betting Sites and Online Casinos
  • Ch 06 Licensing Guide
  • Ch 07 Casino Implementation Planning & Timeline
  • Ch 08 Team Structure & Operations
  • Ch 09 Legal Framework & Contracts
  • Ch 10 Complete Platform Architecture
  • Ch 10b Supplier Integration Control Plane NEW
  • Ch 11 Online Poker Platform Architecture
  • Ch 12 Real-Time Cash Flow Management for Online Casinos
  • Ch 13 Live Casino Streaming Infrastructure
  • Ch 14 Mobile-First Architecture for iGaming
  • Ch 15 Casino Mathematics & Game Economy
  • Ch 16 Cryptocurrency & DeFi Integration
  • Ch 17 Random Number Generation (RNG)
  • Ch 18 Real-Time Clock Module Implementation
  • Ch 19 Anti-Fraud System Deep Dive
  • Ch 20 Hardware Security Module Infrastructure
  • Ch 21 Caching Strategies & Benefits
  • Ch 22 Internal Docker Registry — Why You Need Your Own
  • Ch 23 DevSecOps for iGaming
  • Ch 24 Security & Compliance
  • Ch 24b Wazuh SIEM for iGaming Compliance NEW
  • Ch 24c AWS SIEM for iGaming (GuardDuty, Security Hub, CloudTrail) NEW
  • Ch 24d KYC Evidence Lifecycle NEW
  • Ch 24e Geofencing & Location Verification NEW
  • Ch 25 GLI-GSF Compliance Framework for Online Gaming
  • Ch 25b Regulatory Reporting & Evidence Export NEW
  • Ch 26 Responsible Gaming & Player Protection Systems
  • Ch 27 Data Residency, Backup & Recovery
  • Ch 28a Distributed Systems Deep Dive
  • Ch 28b Infrastructure Patterns Deep Dive
  • Ch 28c Architecture Patterns Deep Dive
  • Ch 29a On-Premises Infrastructure (US-Regulated)
  • Ch 29b Datacenter Infrastructure — US Providers
  • Ch 29c European Datacenter Infrastructure
  • Ch 29d Asia-Pacific & Middle East Datacenter Infrastructure
  • Ch 29e Africa & Offshore Datacenter Infrastructure
  • Ch 29f Latin America Datacenter Infrastructure
  • Ch 30 FinOps Deep Dive
  • Ch 31 Performance Benchmarks & Metrics
  • Ch 32 Testing & QA for Gambling
  • Ch 33 Operational Playbooks
  • Ch 33b Workflow & Case Management NEW
  • Ch 33c Notifications & Transactional Communications NEW
  • Ch 33d Disputes, Chargebacks & Player Support NEW
  • Ch 34 Data & Analytics
  • Ch 35 Incident Management
  • Ch 36 Financial Operations
  • Ch 36b Ledger, Treasury & Reconciliation NEW
  • Ch 37 Marketing Technology & CRM Systems
  • Ch 38 Case Study: On-Premises to Cloud Migration
  • Ch 38b AWS Platform Deployment (ECS, RDS, ElastiCache) NEW
  • Ch 39 Case Study: Security Incident Response
  • Ch 40 Case Study: Launching a New Regulated Market
  • Ch 41 Case Study: Scaling for the World Cup
  • Ch 42 War Stories — When Everything Goes Wrong
  • Ch 43 Future Technology & Innovation in iGaming
  • Ch 43b AI Governance & EU AI Act Compliance for iGaming NEW
  • Ch 44 Deploying iGaming Platforms on Cloudflare Workers NEW
  • Ch 44b Cloudflare Hybrid Runtime NEW
  • Ch 45 Secure Infrastructure Decommissioning
  • Ch 46 Building a Brazilian Betting Platform: Architecture, Compliance & Implementation NEW
  • Ch 46b Sports Betting Architecture: 4-Phase Implementation NEW
  • Ch 47 Platform Onboarding — From Contract to First Real-Money Bet
  • Ch 47b Configuration & Rules Distribution NEW
About the Author

Written from the Trenches

Written by a platform engineering lead with over 10 years of experience building, scaling, and operating real-money gaming systems across multiple regulated markets. This is not theory repackaged from blog posts. Every architecture decision, every code pattern, every operational playbook comes from production systems handling millions of transactions.

The book includes a full-stack simulation environment built as a microservices architecture with 9 domain services in Python + Go (PAM, Wallet, Betting, Settlement, Odds Feed, Casino, AML/Fraud, Bonus, Responsible Gaming), Kubernetes manifests, monitoring dashboards, and a complete CI/CD pipeline you can run locally or in the cloud.

10+
Years in iGaming
112+
Jurisdictions Covered
2,869+
Production Scripts
9
Domain Modules
Live Operational Platform

Cloud AcmeToCasino — Edge-Native Platform Components You Can Open

The book is backed by a live platform surface: Brazil-facing frontend, operator controls, compliance workflows, and operational views stitched into one Cloudflare-oriented runtime. You are not reading abstractions. You can open the components and inspect how the system presents itself in production.

Cloudflare Surface Live

Cloud AcmeToCasino on bet-brazil.cloud-acmetocasino.com

A sharper way to demonstrate the book than another generic casino URL: a Cloudflare-hosted betting surface tied to the same operational thinking covered in the platform chapters. It connects the frontend experience, Brazil-specific positioning, Cloudflare deployment model, and the operator stack that sits behind it.

Cloudflare-native entrypoint
Public-facing betting surface served from the Cloudflare stack already represented in the book.
Brazil-oriented positioning
A better narrative fit for the Brazil chapter than a neutral casino-only hostname.
open_in_new Open Cloud Platform dashboard Open Operator Dashboard

Explore the Live Platform Modules

cloud
Cloud AcmeToCasino
bet-brazil.cloud-acmetocasino.com

Brazil-facing Cloudflare deployment surface with a cleaner story for the Cloudflare and Brazilian betting chapters than the legacy hostname.

Open cloud surface arrow_forward
dashboard
Operator Dashboard
operator components

Real-time operator console with PAM, finance, KYC/AML, responsible gaming, fraud, and control-plane views backing the public-facing platform.

Open live platform arrow_forward
casino
Game Lobby
front-end component

Legacy casino-style lobby component still available as part of the broader platform story, showing how the public-facing experience plugs into the backend stack.

Open live platform arrow_forward
settings_applications
OPS Platform
new.acmetocasino.com

Operator management with compliance workflows, onboarding automation, asset inventory, ticketing system, and full audit logs.

Open live platform arrow_forward
public
Jurisdiction Monitor
new.acmetocasino.com

Interactive world map with real-time regulatory data for 50+ jurisdictions including US state-by-state analysis, licence requirements, and tax structures.

Open live platform arrow_forward
security
Security & Performance
new.acmetocasino.com

SOC dashboard with live threat monitoring, container vulnerability scanning, infrastructure metrics, and deployment pipeline visualisation.

Open live platform arrow_forward
Live — Ch 46b
sports_soccer
Sports Betting — 4 Phases
bet-brazil.cloud-acmetocasino.com

Full 4-phase sportsbook: pre-match, live in-play, cashout, bet builder. Brazilian competitions (Brasileirão, Copa do Brasil, Libertadores, Sul-Americana). SIGAP compliant (Lei 14.790, Portaria 1207/2024).

  • Phase 1: Pre-match odds & single bets
  • Phase 2: Live in-play with WebSocket feeds
  • Phase 3: Real-time cashout engine
  • Phase 4: Bet builder / accumulator
Open live platform arrow_forward
workspace_premium Industry First Cloudflare Workers Edition

Serverless Casino on Cloudflare Edge

The first iGaming technical resource to document a complete real-money gaming platform running on Cloudflare Workers. Zero servers. Sub-20ms global latency. $0/month on free tier (estimated).

$0/mo
Complete platform on free tier
vs $400+/mo traditional hosting (estimated)
<20ms
Global P99 latency
300+ edge locations
0ms
Cold start time
V8 isolates, not containers
40
Casino games live
Slots, Table, Live, Crash, Instant
Edge Architecture
person
Player
arrow_forward
public
CF Edge 300+ PoPs
arrow_forward
code
Worker TypeScript
arrow_forward
storage
D1 SQLite
+
speed
KV Cache
+
folder_open
R2 Assets

checklist What's Included in the Edge Chapter

  • check_circle Full TypeScript source code — 8 modules: auth, games, wallet, KYC, compliance, utils, frontend, router
  • check_circle D1 database schema — 9 tables: users, games, transactions, bonuses, kyc_records, rg_settings, compliance_events, security_events, translations
  • check_circle Multi-brand deployment scripts — deploy 50 casino brands from one codebase
  • check_circle SSL/TLS automatic — Cloudflare Universal SSL, TLS 1.3
  • check_circle Rate limiting, bot detection, jurisdiction blocking — built-in
  • check_circle security.ts WAF module — IP blocking, rate limiting, geo-fencing, request validation
  • check_circle CI/CD pipeline with Wrangler, GitHub Actions, and environment promotion
  • check_circle Argon2id password hashing (OWASP 2024 recommended)
  • check_circle Cost analysis: Free tier vs Paid ($5/mo estimated) vs Enterprise
  • check_circle Performance benchmarks with real measured data
"This is the first documented production architecture for running a complete iGaming backend — authentication, wallet, game catalog, KYC, compliance — entirely on Cloudflare Workers with D1. No other technical resource in the gambling industry covers serverless edge deployment at this level of detail."

Also Available — Architecture Platform Deep-Dives

Architecture Platform Performance Console Deployment Console Production Casino Demo
Brazil Catalog

9 Products for the Brazilian Market

The Brazil page should convert every serious buyer path: a single volume for a focused role, a bundle for an operating team, or the complete collection for multi-function coverage. All 9 purchase options are available below.

menu_book

Standalone Volumes

Buy one volume only if your team needs a narrower entry point before moving into a bundle or the full collection.

Volume I
Markets, Regulation, Launch & Business
34.90

Best for founders, legal, compliance, and licensing teams entering the Brazilian market. Chapters 1–9 + launch appendix.

Buy Volume I
Volume II
Platform, Game & Product Architecture
59.90

Best for CTOs, architects, principal engineers, and product leads. Platform, games, and product end-to-end. Chapters 10–19 with deep dives.

Buy Volume II
Volume III
Security Engineering & Runtime Defense
84.90

Best for security engineers, AppSec, SecOps, and technical auditors. HSM, SIEM, mTLS, PQC, geofencing. Chapters 20–23 + 11 deep dives 24b–24m.

Buy Volume III
Volume IV
Compliance, Player Safety, Data Residency & Governance
64.90

Best for compliance engineering, privacy leads, responsible-gaming, and data-governance teams. Chapter 24, GLI/GSF, self-exclusion, data residency, AI governance.

Buy Volume IV
Volume V
Infrastructure, Datacenter & Deployment
49.90

Best for infrastructure, SREs, datacenter, and platform engineers. Datacenters US/EU/APAC/Africa/LatAm, Cloudflare Workers. Chapters 28–29 + 44.

Buy Volume V
Volume VI
Operations, Finance, Growth & Case Studies
64.90

Best for operations, PMO, finance ops, CRM, marketing, expansion, and executive operators. FinOps, QA, ledger, real cases (World Cup, Brazil), war stories, onboarding.

Buy Volume VI
library_books

Bundles & Complete Collection

Role-based bundles for teams, or the full collection for comprehensive coverage.

Operator & Governance Bundle
Volumes I + IV + VI
149.90
€164.70 if bought separately

Market, regulatory governance, and operational execution. For operators, compliance leaders, and executives.

Buy Operator Bundle
Best Value
Complete Collection
All 6 Volumes
279.90
€359.40 if bought separately

The full professional reference collection. 48 chapters, 1,027K+ words, 2,983 scripts, 432 diagrams, 11 parts.

Buy Complete Collection
Technical Bundle
Volumes II + III + V
179.90
€194.70 if bought separately

Architecture, security, and infrastructure end-to-end. For engineering teams, security engineers, and platform engineers.

Buy Technical Bundle
Product Price Action
Volume I €34.90 Buy Volume I
Volume II €59.90 Buy Volume II
Volume III €84.90 Buy Volume III
Volume IV €64.90 Buy Volume IV
Volume V €49.90 Buy Volume V
Volume VI €64.90 Buy Volume VI
Operator & Governance Bundle €149.90 Buy Operator Bundle
Technical Bundle €179.90 Buy Technical Bundle
Complete Collection €279.90 Buy Complete Collection

verified_user One-time purchase. Six standalone volumes, two role-based bundles, and one premium complete collection.

What Readers Say

Trusted by Engineering Leaders

Feedback from senior architects and CTOs in the iGaming industry.

★★★★★

"This is the book I wish existed when we started building our platform. The payment state machine chapter alone saved us months of trial and error. The production scripts are genuinely copy-paste ready."

MR
Marcus R.
VP of Engineering, iGaming Operator (Malta)
★★★★★

"We used the GLI-GSF compliance chapter and the Terraform modules to pass certification three months ahead of schedule. The multi-jurisdiction coverage is unmatched by any other resource."

SK
Sofia K.
CTO, Sports Betting Startup (London)
★★★★★

"The Kubernetes fleet management and FinOps chapters transformed how we think about infrastructure cost. We reduced our AWS bill by 34% in the first quarter after implementing the patterns."

DL
Daniel L.
Principal Architect, Gaming Platform (Curacao)
Implementation Blueprint

Gap Analysis: 100% Complete

Every service has been built, tested, and validated on real infrastructure. The platform blueprint is not theoretical — it runs.

10
Tier 1 Services Built
Wallet, KYC, Notifications, Ledger, Disputes, Workflow, Geofencing, Supplier, Config, Reporting
14
Release-Gate Scripts
Automated quality gates that block deployment until every service passes
556
Tests Passing
Full pytest suite: unit, integration, edge cases, and compliance scenarios
check_circle
Tested on Daileon
Validated on real bare-metal infrastructure, not just local dev environments
FAQ

Frequently Asked Questions

Everything you need to know before purchasing.

The book uses Go and Python as the primary languages for backend services, with significant coverage of TypeScript for Cloudflare Workers. Infrastructure code uses Terraform (HCL), Ansible (YAML), and Kubernetes manifests. All 2,983+ scripts are production-ready and well-commented.
No. Part I (Foundations) covers the complete ecosystem from scratch. However, you should have solid software engineering experience (3+ years) and familiarity with distributed systems concepts. The book takes you from zero iGaming knowledge to production-ready expertise.
The Essential tier includes all code samples and scripts from the book. The full simulation environment (8 microservices, K8s manifests, monitoring stack, CI/CD pipeline) is included in the Professional and Enterprise tiers.
If you are not satisfied for any reason, simply email us within 15 days of purchase for a refund, in accordance with Dutch consumer law and the EU Consumer Rights Directive. Valid for technical issues, product discrepancies, or duplicate purchases.
The book covers 112+ jurisdictions including UKGC, MGA (Malta), Curacao, Gibraltar, Isle of Man, Alderney, Brazil (Lei 14.790), US state-by-state (NJ, PA, MI, WV, and more), Philippines (PAGCOR), Macau, Japan, India, and several European regulators.
Essential tier includes 1 year of updates. Professional and Enterprise tiers include lifetime updates. The iGaming regulatory landscape changes frequently, and we keep the compliance chapters current with new regulations and jurisdictions.
Yes. All code is provided under a permissive license for use in your own projects. The scripts are designed to be production-ready starting points that you customize for your specific requirements. Many readers have deployed patterns directly from the book into regulated production environments.
Stay Updated

Get a Free Sample Chapter

Join the newsletter and receive Chapter 10 (Complete Platform Architecture) for free.

No spam. Unsubscribe anytime.

Tech Stack

Engineering the AcmeToCasino Platform

A production iGaming stack built on event-sourced microservices, edge compute, and hardware-backed security — tuned for Brazilian and MGA regulated markets.

architecture

Platform Architecture

Python and Go microservices with Kafka KRaft event streaming, CQRS read models, and domain-driven boundaries across PAM, wallet, betting, and settlement.

verified_user

Compliance & Responsible Gaming

LGPD and MGA-aligned pipelines, KYC and AML workflows, self-exclusion registries, deposit limits, and SIGAP reporting wired into the transaction path.

casino

RNG & Game Logic

Certified RNG, deterministic math models, seed management, and round auditability for casino, crash, and sportsbook products with GLI-compliant evidence trails.

bolt

Edge Computing

Cloudflare Workers at 300+ PoPs handle geo-routing, rate limiting, KV-backed feature flags, and static delivery — absorbing traffic before it reaches the origin.

monitoring

Realtime Ops

Live ops dashboards stream health, bet throughput, and service topology from Prometheus, Loki, and Kafka — giving operators a single pane of glass.

key

Security & HSM

Yubico HSM-backed signing keys, Argon2id credentials, TDE at rest, mTLS between services, and Wazuh SIEM correlating audit, access, and fraud signals.

database

Storage & Persistence

PostgreSQL with Patroni HA plus Redis cluster for sessions and cache, MinIO/S3 for KYC documents and encrypted-at-rest backups with pgcrypto, and Wasabi cloud for long-term retention.