1. Introduction
In this blog post, I’ll share my journey creating GameHub Platform, a student-focused gaming ecosystem inspired by Steam, built using a variety of AWS services.
For security reasons, I won’t reveal sensitive implementation details. Instead, I’ll provide clear architectural insights and technical highlights so you can envision and build a similar system on your own.
2. Problem Statement
At FPT University, two majors naturally complement each other: graphic design and game development. Students in graphic design create stunning 2D and 3D assets, while game developers craft engaging games. Yet, despite their synergy, these groups lacked a shared platform to collaborate, showcase, and monetize their work.
Here’s the gap GameHub Platform aims to fill:
- Graphic design students can upload and display their game assets like images, models, and animations.
- Game development students browse, download, and use these assets to build their games.
- Finished games get published and sold right on the platform.
The result? A vibrant ecosystem that promotes learning, creativity, and entrepreneurship among students - a mini Steam tailored for campus talents.
3. Architecture Overview
Here’s a high-level look at the GameHub Platform’s architecture, organized into three layers:
3.1 CI/CD Pipeline
- Source code for frontend and backend lives in GitHub.
- On each commit, GitHub Actions builds Docker images and pushes them to Amazon ECR (Elastic Container Registry).
- Automated deployments trigger updates to development, staging, and production environments.
3.2 Cloud Environment
- Backend services run on Amazon EKS (Elastic Kubernetes Service), handling traffic via a Load Balancer.
- Persistent data is stored in a combination of Amazon RDS for relational data, MongoDB Atlas for flexible metadata, and Amazon S3 for asset storage.
- Frontend UI is served via AWS Amplify and cached globally with CloudFront CDN.
- Security is enforced using AWS WAF, Security Groups, and network policies.
3.3 Feature Services
Additional services enrich the platform:
- Payment Gateway integrates Stripe/PayOS for smooth transactions.
- Student ID Verification uses Amazon Textract for automated card scanning.
- Virus Scanning ensures uploaded files are safe using the VirusTotal API.
- Real-time Notification Service alerts users of important events.
4. Tech Stack & Key Services Used
Choosing the right tech stack was critical to ensuring the platform could scale, stay secure, and remain cost-effective. Here’s a snapshot of the core tools and why they were chosen:
| Service / Tool | Category | Why It Was Chosen |
|---|---|---|
| Next.js + TailwindCSS | Front-End Framework | Fast development with modern UI utilities and great SEO support. |
| AWS Amplify + CloudFront | Front-End Hosting & CDN | Low-latency global distribution for frontend assets. |
| .NET Core (Dockerized) | Back-End API | Robust, cross-platform, high-performance microservices. |
| Amazon ECR | Container Registry | Seamless integration with AWS services and CI/CD pipelines. |
| GitHub Actions | CI/CD Pipeline | Native GitHub integration, flexible YAML workflows. |
| Amazon EKS (Kubernetes) | Container Orchestration | Managed Kubernetes with scaling, high availability, and strong AWS integration. |
| RabbitMQ | Message Broker | Decouples services and handles asynchronous tasks efficiently. |
| Amazon RDS (MySQL) | Relational Database | Reliable, managed SQL database with automated backups. |
| Amazon ElastiCache (Redis) | Caching Layer | Speeds up frequent queries, reduces load on databases. |
| Amazon OpenSearch | Log Aggregation & Search | Centralizes logs for monitoring and troubleshooting. |
| Amazon S3 | Object Storage | Durable storage for game assets, screenshots, and other user uploads. |
| AWS WAF + Security Groups | Security | Protects infrastructure from malicious traffic and controls access. |
| Amazon Route 53 + ACM | DNS & SSL | Custom domain routing and free TLS certificates. |
| Amazon CloudWatch | Monitoring & Logging | Provides metrics, alarms, and insights for operational health. |
| AWS Lambda | Event-Driven Functions | Lightweight, on-demand compute for scanning, notifications, and integration. |
| VirusTotal API | Malware Detection | Automatically scans uploaded files to detect threats. |
| Amazon Textract | Document Extraction | Extracts and verifies student ID card data automatically. |
| Stripe / PayOS | Payment Processing | Secure and simple API for processing payments. |
| MongoDB Atlas | NoSQL Data Store | Flexible metadata storage for assets and user data. |
A thoughtfully chosen tech stack forms the foundation for a reliable, scalable, and maintainable platform.
5. Deep Dive: Back-End Services on EKS with gRPC
To handle the platform’s complexity, the backend is split into microservices running in a Kubernetes cluster on Amazon EKS.
5.1 Microservices Breakdown
Key services include:
- Main Service: Manages games, assets, and user interactions.
- Payment Service: Handles all transaction-related logic.
- Role Management: Manages user permissions and access levels.
- Notification Service: Sends emails, in-app alerts, and push notifications.
Each service runs in its own Kubernetes pod, enabling independent scaling and easier updates.
5.2 Why Kubernetes (EKS)?
EKS was selected because:
- It offers automatic scaling and high availability.
- Deep integration with AWS services (IAM, CloudWatch, VPC).
- Simplifies deployments using standard Kubernetes tooling and GitOps workflows.
This allows the platform to efficiently adapt to varying traffic from student uploads, downloads, and transactions.
5.3 gRPC for Inter-Service Communication
Instead of REST APIs, services communicate via gRPC using protocol buffers:
| Feature | Benefit |
|---|---|
| Performance | Compact binary format for faster serialization. |
| Low Latency | Efficient use of HTTP/2 improves speed. |
| Strong Typing | Protobuf contracts reduce errors. |
| Bi-directional | Supports streaming data and advanced RPCs. |
This ensures fast, reliable, and maintainable communication inside the Kubernetes cluster.
5.4 Security
- gRPC traffic is confined to the private VPC network.
- Kubernetes Network Policies restrict service-to-service access.
- Public-facing endpoints are secured with authentication and AWS WAF rules.
- IAM and Kubernetes RBAC policies enforce least privilege access.
6. Feature Services
Beyond core gameplay and asset management, GameHub Platform integrates specialized services to boost security and usability:
6.1 VirusTotal for Malware Scanning
Before any game or asset is published, it is scanned via the VirusTotal API to detect viruses or malware. This protects the community from harmful content and builds trust in the platform.
6.2 Amazon Textract for Student ID Verification
Users upload photos of their student ID cards. Amazon Textract extracts textual data, which is then cross-checked against the university’s database to verify enrollment status. This helps gatekeep student-only features.
6.3 Payment Gateway Integration
Payments are handled via Stripe or PayOS, offering students an easy and secure way to buy and sell games and assets.
6.4 Notification Service
Real-time alerts via email and in-app notifications keep users informed about new assets, transactions, and platform updates.
6.5 Storage and Asset Management
Amazon S3 provides scalable, secure storage for all uploaded content, backed by lifecycle policies and encryption.
7. Conclusion & Lessons Learned
Building GameHub Platform was a rewarding journey that taught me a lot about cloud architecture, container orchestration, and integrating multiple AWS services to build a real-world application.
Key takeaways:
- Modular microservices running on Kubernetes offer flexibility and scalability.
- Using gRPC improves performance and maintainability for internal APIs.
- Cloud-native services like Amazon Textract and VirusTotal APIs add critical security layers.
- Automating deployments with CI/CD pipelines accelerates delivery and reduces errors.
If you’re inspired to build your own cloud-native platform or want to learn more about AWS, Kubernetes, and modern microservices design, feel free to reach out. I’m happy to share insights or collaborate!
Let’s keep innovating and building great things together!
You can contact me at:
📧 vbachdoan@gmail.com
🔗 LinkedIn Profile: vuongbd2007
Thank you for reading and happy coding! 🚀
Top comments (2)
Can you explain more about how you keep students’ uploaded assets organized and manage versioning on S3?
Below I explain about how we manage S3 buckets for uploaded assets and games on platform:
Bucket Structure:
We use two separate S3 buckets to store games and assets:
gamehub-platform-games-abc: stores developer's game packagesgamehub-platform-games-asset-abc: stores developer's assets (e.g., images, audio, fonts)Upload Process:
The upload process consists of three main phases:
We have an API service running in a Kubernetes Pod, responsible for handling upload requests and returning presigned URLs. The actual upload is performed directly from the client using these URLs.
S3 Folder Structure:
Each user has a dedicated folder based on their user ID. Example paths:
gamehub-platform-games-abc/<user_id>/<game_id>/<game_name>.exegamehub-platform-assets-abc/<user_id>/<assets_id>/<assets_name>.pngUser ID verification is implemented in the API service to ensure that users can only upload or interact with objects under their own user ID directory.
Versioning:
Why use two separate buckets instead of folders in one bucket?
We have RBAC (Role-Based Access Control) implemented, and different Moderator roles may have different levels of access. For example: