How Generali Malaysia Optimizes Operations with Amazon EKS
Generali Malaysia accelerated its digital transformation by adopting Amazon EKS as the core container platform. The shift enabled rapid migration of legacy workloads, improved scalability, and reduced operational overhead. Leveraging Kubernetes orchestration and integrated AWS services, the insurer achieved higher availability across multiple service channels.
Migration Strategy and Initial Adoption
The project began with a detailed assessment of legacy applications, network topology, and data residency requirements. A phased approach moved non‑critical workloads into Amazon EKS clusters, allowing the team to validate deployment pipelines and resource quotas. Early successes demonstrated that containerization reduced time‑to‑market and improved service reliability.
To ensure seamless integration, the team employed Infrastructure as Code using AWS CloudFormation templates, which codified cluster configurations and security policies. Automated blue‑green deployments minimized disruption during the cutover, while observability tools captured performance metrics for continuous tuning. This disciplined methodology kept the migration on schedule and within budget.
Containerization with Amazon EKS Auto Mode
Generali activated Amazon EKS Auto Mode to let the control plane automatically adjust node group sizes based on real‑time demand. The feature monitors CPU utilization, memory pressure, and pod scheduling events, scaling resources without manual intervention. By delegating these decisions, the operations team reduced repetitive tasks and focused on higher‑value work.
Auto Mode also integrates with Amazon EC2 Spot Instances, enabling cost‑effective scaling during peak periods. The scheduler preferentially places workloads on Spot capacity while maintaining a buffer of On‑Demand instances for critical services. Combined with elastic scaling and informed capacity planning, this hybrid model delivered measurable savings and sustained performance under variable load.
Integration with AWS Networking Services
Generali leveraged Amazon VPC to isolate each environment, using private subnets and security groups to enforce strict traffic boundaries. The Amazon VPC CNI plugin provided native IP address management, allowing pods to communicate directly with other AWS resources. This design eliminated NAT bottlenecks and simplified network policies.
To expose services externally, the architecture employs Amazon ALB Ingress Controller, which routes HTTP/HTTPS traffic to appropriate Kubernetes services. Integration with AWS WAF adds layer‑7 protection, while Route 53 manages DNS failover across regions. The addition of global load balancing and TLS termination further enhances resilience and secure access for end users.
Cost Management and Resource Optimization
Generali adopted Cluster Autoscaler alongside EKS Auto Mode to right‑size compute resources continuously. By defining resource requests and limits, the scheduler prevents over‑provisioning and reduces idle capacity. Detailed billing reports from AWS Cost Explorer highlight savings opportunities across workloads.
Workloads with predictable patterns are assigned to reserved instances, while bursty services remain on Spot pools. Tagging policies enforce cost allocation per business unit, and budget alerts notify stakeholders of overspend. This disciplined approach aligns cloud spend with business outcomes and drives continuous efficiency.
Security Enhancements and Compliance
Security is enforced through AWS IAM roles for service accounts, granting pods the minimum privileges needed to access AWS resources. Pod security policies restrict privileged operations, while Secrets Manager stores credentials encrypted at rest. Continuous scanning with Amazon GuardDuty detects anomalous activity.
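The least-privilege IRSA binding described above, as an added example that is not part of the original case study (the account ID, region and OIDC provider ID are placeholders): the trust policy pins the role to one namespace and service account, and the audit function flags the weak form that any pod in the cluster could assume.

```python
# Added example, not Generali's or AWS's own code: build an IRSA trust policy
# pinned to one Kubernetes service account, and audit a policy for the weak form
# that trusts the cluster's OIDC provider without a ':sub' condition.
ACCOUNT_ID = "111122223333"  # placeholder
OIDC_ISSUER = "oidc.eks.ap-southeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"  # placeholder


def irsa_trust_policy(namespace: str, service_account: str) -> dict:
    """Trust policy that only pods running as namespace/service_account can satisfy."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{OIDC_ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{OIDC_ISSUER}:aud": "sts.amazonaws.com",
                f"{OIDC_ISSUER}:sub": f"system:serviceaccount:{namespace}:{service_account}",
            }},
        }],
    }


def _sub_values(statement: dict) -> list:
    """Collect every ':sub' value under the statement's String* condition operators."""
    values = []
    for operator, pairs in statement.get("Condition", {}).items():
        if operator.startswith("String"):
            for key, value in pairs.items():
                if key.endswith(":sub"):
                    values.extend(value if isinstance(value, list) else [value])
    return values


def find_unscoped_statements(policy: dict) -> list:
    """Indexes of Allow statements for AssumeRoleWithWebIdentity that any service
    account in the cluster could satisfy: no ':sub' condition, or a wildcard namespace."""
    flagged = []
    for index, statement in enumerate(policy.get("Statement", [])):
        actions = statement.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if statement.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        subs = _sub_values(statement)
        # 'system:serviceaccount:ns:name' -> namespace is segment 2; '*' or absent is unscoped
        if not subs or any(s.split(":")[2:3] in ([], ["*"]) for s in subs):
            flagged.append(index)
    return flagged
```

Run `find_unscoped_statements` over the trust policies of every IRSA role during a periodic audit; a non-empty result means the role is effectively cluster-wide rather than pod-scoped.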
Compliance requirements are satisfied by integrating AWS Config rules that validate cluster configurations against industry standards such as PCI DSS. Audit logs are centralized in Amazon CloudWatch Logs, providing immutable records for forensic analysis. Together these controls ensure the platform meets regulatory expectations.
Operational Monitoring and Continuous Improvement
Generali employs Prometheus for metrics collection and Grafana for visualization, delivering real‑time insight into cluster health, application latency, and resource utilization. Alerts configured in Amazon CloudWatch Alarms trigger automated remediation scripts via AWS Lambda. The combined stack enables rapid detection of performance degradation before it impacts customers.
Post‑incident reviews feed findings back into the CI/CD pipeline, where Helm charts are versioned and tested against security benchmarks. Integrated automated testing and policy enforcement validate each deployment before promotion. This feedback loop cultivates a culture of incremental improvement, ensuring that each deployment benefits from lessons learned in previous cycles.