Compliance Oriented Kubernetes for Amazon EKS. Setup machine images that are compliance oriented for PCI/HIPAA/SOC2 and setup clusters using Terraform.

• Encrypted Root Volume
• OSSEC: File System Monitoring for Changes.
• Logging via LogDNA
• Build Public Image on All Regions
• 2FA Login with Duo
• Third Party
  • LogDNA
  • Foxpass
  • Duo

This image is created using Packer so you will need to install it. Once you are done edit image.json

Update the region, aws_access_key and aws_secret_key with the appropriate regions.

To actually build the image run the following:

packer build image.json

To use this image with kops you need to pass in the AMI name listed.

an example .auto.tfvars file is below

foxpass_api_key = "<foxpass_api_key>"
cluster-name = "<name>"
ec2_keypair = "<keypair>"

in order to set up the bastion you need to download the private key and have it in the repository.

You can pass the environment variables CLOUDWATCH_AWS_ACCESS_KEY_ID and CLOUDWATCH_AWS_SECRET_ACCESS_KEY to push metrics into AWS CloudWatch. To do so make sure that the key has permissions to the following resources.

cloudwatch:PutMetricData
cloudwatch:GetMetricStatistics
cloudwatch:ListMetrics
ec2:DescribeTags

• AWS Marketplace

This project is brought to you by opsZero we provide Kubernetes and AWS Lambda Migration. If you need help with your Kubernetes Migration reach out.

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.