GSA/ansible-os-amazon-linux2-eks

Amazon Linux 2 optimized for EKS

Introduction


This Ansible content will configure an Amazon Linux 2 image optimized for EKS to be GSA compliant.

This code is based on the GSA Amazon Linux Security Benchmark.

Code for the GSA EKS Benchmark will be coming soon.

Pre-Hardened Amazon Machine Images

ISE provides a maintained and hardened AWS EKS AMI. More information about usage can be found here.

Important Information

You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook.

Role Variables

There are many role variables defined in defaults/main.yml.

The current default configuration will:
  • Enable IPv6 settings
  • Enable iptables
  • Enable auditing with rsyslog
  • Lock users inactive for over 30 days
The configuration will not:
  • Install and configure AIDE
  • Install and configure NTP
  • Configure the /etc/group wheel configurations

Other settings and services are also listed in defaults/main.yml. Please review them to ensure they meet your organizational requirements.
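A post-run spot check for the defaults listed above, added here as an example and not part of the role itself: each check takes command output as text, so it runs offline on the constructed samples and, with RUN_LIVE=1, on the hardened host. The 30-day threshold and the service names iptables and rsyslog are assumptions about how the role applies those defaults.

```shell
#!/bin/sh
# Spot-check script added to this README (not part of the role): confirms on a
# host that the defaults under "Role Variables" took effect. Each check_*
# function takes command output as text, so the logic runs on the constructed
# samples below and, with RUN_LIVE=1, on the live host. The 30-day threshold
# and the service names iptables/rsyslog are assumptions about the role.

# `useradd -D` prints INACTIVE=<days>: new accounts must lock after at most
# 30 days of inactivity (INACTIVE=-1 means never, which fails the check).
check_useradd_inactive() {
  days=$(printf '%s\n' "$1" | sed -n 's/^INACTIVE=//p')
  [ -n "$days" ] && [ "$days" -ge 0 ] && [ "$days" -le 30 ]
}

# Existing accounts: field 7 of /etc/shadow is the inactivity period. Print
# accounts with a real password hash whose period is unset or above 30 days.
shadow_noncompliant() {
  printf '%s\n' "$1" | awk -F: '$2 !~ /^[!*]/ && ($7 == "" || $7 > 30) { print $1 }'
}

# Output of `systemctl is-enabled iptables` and `systemctl is-active rsyslog`.
check_enabled() { [ "$1" = "enabled" ]; }
check_active()  { [ "$1" = "active" ]; }

# Constructed samples (not captured from a real host) so the file runs offline.
SAMPLE_USERADD='GROUP=100
HOME=/home
INACTIVE=30
EXPIRE=
SHELL=/bin/bash'
SAMPLE_SHADOW='root:$6$hash:19000:0:99999:7:30:::
alice:$6$hash:19000:0:99999:7:::
bob:$6$hash:19000:0:99999:7:45:::
nobody:!!:19000:0:99999:7:::'

report() { if "$@"; then echo "PASS: $1"; else echo "FAIL: $1"; fi; }

if [ "${RUN_LIVE:-0}" = "1" ]; then
  useradd_out=$(useradd -D); shadow_out=$(cat /etc/shadow)
  ipt=$(systemctl is-enabled iptables 2>/dev/null)
  rsl=$(systemctl is-active rsyslog 2>/dev/null)
else
  useradd_out=$SAMPLE_USERADD; shadow_out=$SAMPLE_SHADOW; ipt=enabled; rsl=active
fi
report check_useradd_inactive "$useradd_out"
report check_enabled "$ipt"
report check_active "$rsl"
bad=$(shadow_noncompliant "$shadow_out")
[ -z "$bad" ] && echo "PASS: shadow inactivity" || echo "FAIL: shadow inactivity: $bad"
```

Run it as root with RUN_LIVE=1 after the playbook finishes; a FAIL line names the default that did not take effect on this host.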

Compliance documentation

For a complete list of settings that are configured, need to be configured, or are known false positives, please refer to the following documentation. Note that this requires a GSA account to view.

Dependencies

Ansible >= 2.7

Example Playbook

---
- name: Harden Server
  hosts: all
  become: yes

  roles:
    - ansible-os-amazon-linux2-eks

How to test locally

ansible-playbook playbook.yml --connection=local

License

BSD.