AWS Architecture Blog · March 23, 2026

Generali Malaysia's EKS-based Microservices Architecture for Insurance Operations

Generali Malaysia modernized its insurance operations by migrating legacy applications to a cloud-native microservices architecture built on Amazon EKS. This case study highlights their adoption of EKS Auto Mode for operational efficiency and their integration of various AWS security, monitoring, and networking services to build a robust and scalable platform aligned with the AWS Well-Architected Framework.

Generali Malaysia embarked on a digital transformation journey to modernize its insurance technology stack, driven by the need for scalability, portability, and operational efficiency. They adopted a containerized microservices architecture with Amazon Elastic Kubernetes Service (EKS) as their core platform for hosting critical digital applications and core insurance solutions.

Architectural Principles and AWS Well-Architected Framework

Generali's solution is designed following the AWS Well-Architected Framework's six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. This structured approach helps ensure a robust, scalable, and secure platform. Key benefits include improved system resilience, enhanced security through AWS IAM and network policies, optimized costs, and sustainable practices.

Well-Architected Framework for Modernization

Adopting a framework like AWS Well-Architected provides a structured way to evaluate and implement cloud architectures, ensuring considerations for operational excellence, security, reliability, performance, cost, and sustainability are addressed from the outset. This is crucial when migrating legacy systems or building new cloud-native applications.

Leveraging Amazon EKS Auto Mode for Operational Efficiency

To address operational inefficiencies and complexities arising from a growing portfolio of containerized applications, Generali adopted Amazon EKS Auto Mode. This mode automates cluster infrastructure management, providing production-ready environments with minimal operational overhead, dynamic resource scaling, and consistent security practices through automated upgrades. It manages underlying nodes, load balancers, and storage configuration, handling operating system patching (Bottlerocket), EKS add-ons, and cluster upgrades.

  • Disruption Control: To prevent impacts from automatic node upgrades, Generali configured maintenance windows during off-peak hours and utilized Kubernetes' Pod Disruption Budgets (PDBs) and Node Disruption Budgets (NDBs) to ensure critical applications remained available.
  • Stateless Microservices: A core reliability principle is the use of stateless microservices, treating pods as immutable, and using Helm charts for standardized deployments.
  • Horizontal Pod Autoscaler (HPA): Employed to scale services dynamically based on traffic and resource utilization.

Comprehensive Security Integrations

Generali integrated several AWS security services to fortify their EKS environment:

  • Amazon GuardDuty Extended Threat Detection: Provides automated correlation of security signals across EKS audit logs, runtime behaviors, malware execution, and AWS API activity to identify sophisticated multi-stage attacks.
  • Amazon Inspector: Maps Amazon ECR images to running containers, allowing security teams to prioritize vulnerability remediation based on actively deployed containers rather than just repository images.
  • AWS Network Firewall: Filters outbound HTTPS traffic from EKS applications by restricting connections to an allow list of hostnames using Server Name Indication (SNI), enhancing egress security and compliance.
  • AWS Secrets Manager: Used as a best practice for dynamic retrieval and management of sensitive credentials, avoiding hard-coding secrets into deployment templates and supporting stateless container design.