Migrating & Consolidating Critical NBFC Workloads from GCP to AWS

Client Overview

Indiagold is a prominent Indian FinTech company offering gold-backed financial services, including gold loans, digital gold, and secure storage. As a regulated NBFC (Non-Banking Financial Company) platform, their technology backbone requires rigorous compliance, high availability, and the ability to process financial transactions with zero data loss.
While Indiagold had already migrated its primary lending platform to AWS, its critical NBFC compliance and lending engine remained on Google Cloud Platform (GCP). This split infrastructure created operational friction, governance challenges, and fragmented DevOps practices. Indiagold partnered with SquareOps Technologies to migrate this remaining workload to AWS, achieving a unified, scalable, and compliant cloud environment.

Challenges

• Operating across two different cloud providers presented significant hurdles for Indiagold's engineering and operations teams:
  Operational Fragmentation: Managing disparate CI/CD pipelines (GitLab on GCP vs. AWS workflows) and observability stacks increased overhead and slowed down release cycles.
  Scaling for Hyper-Growth: The NBFC platform needed to scale from current volumes to millions of daily API calls to support rapid business expansion.
  Regulatory Compliance: As an NBFC, the platform had to meet strict RBI guidelines, requiring robust identity management (IAM), encryption, and auditability that needed to be standardized across the entire ecosystem.
  Complex Dependencies: The migration involved moving stateful components (MySQL, Redis) and complex microservices (Java Springboot, Python, Node.js) without disrupting active loan lifecycles.

Solution Implemented

• SquareOps executed a strategic "Incremental Migration" over an 8-week timeline, ensuring a seamless transition from GCP to AWS with minimal downtime.
  1. Unified Compute & Orchestration (GKE to EKS) We migrated the microservices architecture from Google Kubernetes Engine (GKE) to Amazon Elastic Kubernetes Service (EKS) to align with the primary lending platform.
  Smart Scaling: Implemented Karpenter for high-performance, cost-effective node autoscaling, replacing standard cluster autoscalers.
  GitOps Automation: Replaced legacy GitLab pipelines with a modern GitOps workflow using GitHub Actions, Amazon ECR, and ArgoCD, creating a standardized deployment process across all environments.
  2. Database & Storage Migration To ensure data integrity for financial records, we performed a one-to-one mapping of managed services:
  Relational Data: Migrated Google Cloud SQL to Amazon RDS for MySQL using strategies to ensure near-zero downtime.
  Caching Layer: Transitioned from GCP Memorystore to Amazon ElastiCache for Redis to support high-speed query caching.
  Object Storage: Migrated document stores from GCS Buckets to Amazon S3 with strict access policies.
  3. Security-First Architecture (RBI Aligned) We designed the AWS environment to meet stringent financial regulations:
  Identity Management: Implemented IAM Roles for Service Accounts (IRSA) to enforce least-privilege access for pods, completely eliminating the need for long-lived static credentials.
  Vulnerability Management: Integrated Trivy into the CI/CD pipeline to automatically scan container images for Common Vulnerabilities and Exposures (CVEs) before deployment, alongside native Amazon ECR image scanning.
  Secure Remote Access: Removed standard SSH access to reduce the attack surface. We implemented AWS Systems Manager (SSM) for secure, auditable instance access and deployed Pritunl VPN for restricted, encrypted connections to private database endpoints.
  Network Security: Deployed AWS WAF (Web Application Firewall) with managed rule sets to block common web exploits and enforced strict network segmentation using private subnets and NACLs.
  Encryption & Auditing: Enforced strict encryption at rest and in transit using SSL/TLS certificates. Additionally, AWS CloudTrail and VPC Flow Logs (with 60-day retention) were enabled to provide comprehensive audit trails for all API actions and network traffic.
  Secrets Management: Centralized secret storage using AWS Secrets Manager, integrated directly with EKS via the External Secrets Operator to inject secrets dynamically without exposing them in code repositories.

4. Enhanced Observability We replaced the fragmented GCP logging stack with a centralized AWS observability suite:
Unified Dashboard: Deployed Amazon Managed Service for Prometheus and Grafana to provide real-time visibility into application performance and API latency.
Centralized Logging: Consolidated logs using Amazon CloudWatch Logs for comprehensive audit trails required for compliance.

Results & Business Impact

100% Cloud Consolidation: Successfully unified the entire infrastructure on AWS, reducing operational friction and simplifying vendor management.
High Availability: Achieved a resilient Multi-AZ architecture capable of handling millions of daily transactions with automated failover capabilities.
Operational Efficiency: The move to Karpenter and managed services (RDS, ElastiCache) significantly reduced the manual overhead required for platform maintenance.
Improved Security Posture: The new environment is fully aligned with RBI expectations, featuring automated compliance scans (Trivy) and end-to-end encryption.

Conclusion

By migrating Indiagold’s NBFC engine to AWS, SquareOps eliminated the complexity of a multi-cloud split, delivering a streamlined, secure, and hyper-scalable platform ready for the next phase of fintech growth.