Compliance Oriented Kubernetes for Amazon EKS. Set up machine images that are compliance oriented for PCI/HIPAA/SOC2 and set up clusters using Terraform.
- Encrypted Root Volume
- OSSEC: File System Monitoring for Changes.
- Logging via LogDNA
- Build Public Image on All Regions
- 2FA Login with Duo
- Third Party
  - LogDNA
  - Foxpass
  - Duo
This image is created using Packer, so you will need to install it. Once you are done, edit image.json: update region, aws_access_key and aws_secret_key with the appropriate values.
To actually build the image run the following:
packer build image.json
To use this image with kops you need to pass in the AMI name listed.
An example .auto.tfvars file is below:
foxpass_api_key = "<foxpass_api_key>"
cluster-name = "<name>"
ec2_keypair = "<keypair>"
In order to set up the bastion, you need to download the private key and have it in the repository. Keep that key file out of version control.
You can pass the environment variables CLOUDWATCH_AWS_ACCESS_KEY_ID and CLOUDWATCH_AWS_SECRET_ACCESS_KEY to push metrics into AWS CloudWatch. To do so, make sure that the key has permission for the following actions:
cloudwatch:PutMetricData
cloudwatch:GetMetricStatistics
cloudwatch:ListMetrics
ec2:DescribeTags
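One way to check that the IAM policy attached to that key grants these four actions and nothing broader. This is an added example, not part of the project; the function name and both sample policies are constructed for illustration.

```python
import fnmatch

# The four actions the README lists for the CloudWatch metrics key.
REQUIRED = {
    "cloudwatch:PutMetricData",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:ListMetrics",
    "ec2:DescribeTags",
}

def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Compare a policy's Allow statements with REQUIRED.

    Returns (missing, excess): required actions that are not granted, and
    granted action patterns that reach beyond the required set.
    """
    patterns, excess = [], set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions:
            # flag it as excess and do not count it toward REQUIRED.
            excess.add("NotAction")
            continue
        patterns.extend(_as_list(stmt.get("Action")))
    required_lc = {a.lower() for a in REQUIRED}  # action names are case-insensitive
    missing = {a for a in REQUIRED
               if not any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns)}
    for p in patterns:
        if p.lower() not in required_lc:  # wildcards and unrelated actions land here
            excess.add(p)
    return missing, excess

# Constructed sample policies (not taken from the project).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED), "Resource": "*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudwatch:*", "ec2:Describe*", "s3:GetObject"]}}
```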
This project is brought to you by opsZero. We provide Kubernetes and AWS Lambda migration. If you need help with your Kubernetes migration, reach out.
This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.