Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

EKS Preventative Controls

This is a project of TypeScript development with CDK for setting up a CodePipeline with EKS preventative control checks via Conftest.

High Level Architecture

Deployment Steps

At the high level, to deploy the solution, we need to conduct the following steps:

  1. create a new empty AWS CodeCommit repo and git clone that empty repo to your development terminal. Please record the repo name which will be used in later step. In our example, we named the repo as “cdk_auto_k8s_controls”.
  • $ git clone codecommit::ap-southeast-2://cdk_auto_k8s_controls
  1. On your development terminal, git clone the source code of this blog post from the repo.
  • $ git clone
  • $ cd eks-preventative-controls/
  1. Copy the source code of the blog post cloned in step 2 to the other local directory linked to the empty CodeCommit repo created in step 1, and commit & push all the code files to the CodeCommit repo.
  • $ cp -r ./* ../cdk_auto_k8s_controls
  • $ cd ../cdk_auto_k8s_controls
  • $ git add .
  • $ git commit -m "push blog post source code to codecommit repo"
  • $ git push
  1. Configure the CDK context parameters which will be used to provision the EKS cluster in your AWS account later by the pipeline.
  • $ cd cdk-eks
  • $ vi cdk.json
  • (Set the cluster name as you like)
  • "cluster-name": "cdk-auto-k8s-controls",
  • (Replace the following example with real VPC ID value)
  • "vpc-id": "vpc-0xx12345x1230x123",
  1. Configure the CDK context parameters which will be used to provision the pipeline in your AWS account via “cdk deploy”.
  • $ cd ../cdk-pipeline
  • $ vi cdk.json
  • (Set the pipelie name as you like)
  • "pipeline-name": "EksDeployPipeline",
  • (Verify the conftest-download-url as below)
  • "conftest-download-url": "",
  • (Set the repo name as the one you used in Step 1 described above)
  • "codecommit-repo-name": "cdk_auto_k8s_controls"
  1. Now provision the CodePipeline instance in your AWS account via “cdk deploy”. It takes around 5-6 minutes.
  • $ npm install
  • $ npm run build
  • $ npx cdk ls
  • CdkPipelineStack
  • $ npx cdk deploy
  • ...
  • Do you wish to deploy these changes (y/n)?y
  1. Finish.


Jasper Wang, Cloud Consultant

Deenadayaalan Thirugnanasambandam, Principal Solutions Architect


See CONTRIBUTING for more information.


This library is licensed under the MIT-0 License. See the LICENSE file.


No description, website, or topics provided.



Code of conduct


No releases published


No packages published

Contributors 4