HIPAA/PCI/SOC2 Compliance Oriented Kubernetes


Compliance Oriented Kubernetes for Amazon EKS. Set up machine images that are compliance oriented for PCI/HIPAA/SOC2 and set up clusters using Terraform.


  • Encrypted Root Volume
  • OSSEC: File System Monitoring for Changes.
  • Logging via LogDNA
  • Build Public Image on All Regions
  • 2FA Login with Duo
  • Third Party
    • LogDNA
    • Foxpass
    • Duo


This image is created using Packer, so you will need to install it. Once you are done, edit image.json.

Update the region, aws_access_key and aws_secret_key with the appropriate values.

To actually build the image run the following:

packer build image.json
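
A pre-build check for the template edited above, as an added example that is not part of this repository: it flags literal credentials in the aws_access_key and aws_secret_key variables and any amazon-ebs builder that does not set encrypt_boot. The template layout and all sample values are assumptions; the repository's image.json may be structured differently.

```python
import json
import re

# Constructed sample (not the repository's image.json): legacy JSON template.
SAMPLE_TEMPLATE = """
{
  "variables": {
    "aws_access_key": "AKIA-CONSTRUCTED-EXAMPLE",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}"
  },
  "builders": [{
    "type": "amazon-ebs",
    "region": "us-west-2",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "encrypt_boot": false
  }]
}
"""

# A credential value passes if it is empty or read from the environment.
ENV_REF = re.compile(r"^\{\{\s*env\s+`\w+`\s*\}\}$")


def lint_template(text):
    """Return findings for hard-coded credentials and unencrypted boot volumes."""
    template = json.loads(text)
    findings = []
    for name in ("aws_access_key", "aws_secret_key"):
        value = template.get("variables", {}).get(name) or ""
        if value and not ENV_REF.match(value):
            findings.append(f"variable {name}: literal credential")
    for i, builder in enumerate(template.get("builders", [])):
        if builder.get("type") != "amazon-ebs":
            continue
        if builder.get("encrypt_boot") is not True:
            findings.append(f"builder {i}: encrypt_boot is not true")
        for key in ("access_key", "secret_key"):
            value = builder.get(key, "")
            if value and "{{" not in value:
                findings.append(f"builder {i}: literal {key}")
    return findings


if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print(finding)
```

Run it against the edited template before committing; an empty result means the credentials come from the environment and the root volume is built encrypted.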

To use this image with kops you need to pass in the AMI name listed.

An example .auto.tfvars file is below:

foxpass_api_key = "<foxpass_api_key>"
cluster-name = "<name>"
ec2_keypair = "<keypair>"

In order to set up the bastion, you need to download the private key and have it in the repository.


You can pass the environment variables CLOUDWATCH_AWS_ACCESS_KEY_ID and CLOUDWATCH_AWS_SECRET_ACCESS_KEY to push metrics into AWS CloudWatch. To do so make sure that the key has permissions to the following resources.


Supported Images

Project by opsZero

This project is brought to you by opsZero. We provide Kubernetes and AWS Lambda Migration. If you need help with your Kubernetes Migration, reach out.


This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at
