Skip to content

aws-samples/eks-preventative-controls

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits

cdk-eks

cdk-eks

 
 

cdk-pipeline

cdk-pipeline

 
 

conftest

conftest

 
 

k8s-manifests

k8s-manifests

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Solution_Overview.png

Solution_Overview.png

 
 

Repository files navigation

EKS Preventative Controls

This is a project of TypeScript development with CDK for setting up a CodePipeline with EKS preventative control checks via Conftest.

High Level Architecture

Deployment Steps

At the high level, to deploy the solution, we need to conduct the following steps:

  1. create a new empty AWS CodeCommit repo and git clone that empty repo to your development terminal. Please record the repo name which will be used in later step. In our example, we named the repo as “cdk_auto_k8s_controls”.
  • $ git clone codecommit::ap-southeast-2://cdk_auto_k8s_controls
  1. On your development terminal, git clone the source code of this blog post from the repo.
  • $ git clone https://github.com/aws-samples/eks-preventative-controls.git
  • $ cd eks-preventative-controls/
  1. Copy the source code of the blog post cloned in step 2 to the other local directory linked to the empty CodeCommit repo created in step 1, and commit & push all the code files to the CodeCommit repo.
  • $ cp -r ./* ../cdk_auto_k8s_controls
  • $ cd ../cdk_auto_k8s_controls
  • $ git add .
  • $ git commit -m "push blog post source code to codecommit repo"
  • $ git push
  1. Configure the CDK context parameters which will be used to provision the EKS cluster in your AWS account later by the pipeline.
  • $ cd cdk-eks
  • $ vi cdk.json
  • (Set the cluster name as you like)
  • "cluster-name": "cdk-auto-k8s-controls",
  • (Replace the following example with real VPC ID value)
  • "vpc-id": "vpc-0xx12345x1230x123",
  1. Configure the CDK context parameters which will be used to provision the pipeline in your AWS account via “cdk deploy”.
  • $ cd ../cdk-pipeline
  • $ vi cdk.json
  • (Set the pipelie name as you like)
  • "pipeline-name": "EksDeployPipeline",
  • (Verify the conftest-download-url as below)
  • "conftest-download-url": "https://github.com/open-policy-agent/conftest/releases/download/v0.24.0/conftest_0.24.0_Linux_x86_64.tar.gz",
  • (Set the repo name as the one you used in Step 1 described above)
  • "codecommit-repo-name": "cdk_auto_k8s_controls"
  1. Now provision the CodePipeline instance in your AWS account via “cdk deploy”. It takes around 5-6 minutes.
  • $ npm install
  • $ npm run build
  • $ npx cdk ls
  • CdkPipelineStack
  • $ npx cdk deploy
  • ...
  • Do you wish to deploy these changes (y/n)?y
  1. Finish.

Contributors

Jasper Wang, Cloud Consultant

Deenadayaalan Thirugnanasambandam, Principal Solutions Architect

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.

About

No description, website, or topics provided.

Resources

Readme

License

MIT-0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

6 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages