jihed/eks-fsi-confidential-workloads
EKS FSI Confidential Workloads Reference Architecture

Overview

This repository contains a reference architecture for deploying confidential workloads in Financial Services Industry (FSI) environments using Amazon Elastic Kubernetes Service (EKS). It provides a secure, scalable, and compliant foundation for running sensitive applications on Kubernetes.

Table of Contents

Features

  • Secure EKS cluster configuration optimized for FSI workloads
  • Network isolation and segmentation
  • Secrets management integration
  • Automated compliance checks
  • Continuous monitoring and logging
  • GitOps-based deployment workflows

Architecture

Architecture Diagram (image not included in this text rendering)

Our reference architecture includes:

  • Amazon EKS for orchestration
  • AWS VPC for network isolation
  • AWS Key Management Service (KMS) for encryption
  • AWS Secrets Manager for secrets management
  • Amazon CloudWatch for logging and monitoring
  • AWS Identity and Access Management (IAM) for access control

Prerequisites

  • AWS Account with appropriate permissions
  • AWS CLI configured with your credentials
  • kubectl installed and configured
  • Helm 3.x installed
  • Terraform 1.x

Deployment

  1. Clone this repository:

     git clone https://github.com/your-username/eks-fsi-confidential-workloads.git
     cd eks-fsi-confidential-workloads

  2. Review and customize the configuration files in the config directory.

  3. Deploy the infrastructure:

     terraform init
     terraform apply

  4. Apply the Kubernetes manifests:

     kubectl create -f manifest/

For detailed deployment instructions, refer to our Deployment Guide.

Security Considerations

  • Network Security: VPC configuration with private subnets, NACLs, and Security Groups
  • Pod Security: Implemented Pod Security Policies and OPA Gatekeeper
  • Data Encryption: Encryption at rest and in transit using AWS KMS
  • Access Control: Least privilege IAM roles and RBAC policies
  • Secrets Management: Integration with AWS Secrets Manager and External Secrets Operator
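As an added example (not code from the jihed/eks-fsi-confidential-workloads repository), the following Python script shows the kind of pre-deployment check that backs the Pod Security and Secrets Management items above. It evaluates workload manifests against the rules that Pod Security admission or an OPA Gatekeeper constraint would enforce at admission time (no host namespaces, no privileged containers, non-root, read-only root filesystem, all capabilities dropped, no hostPath volumes) and flags credentials passed as literal environment values instead of being read from a Secret that the External Secrets Operator synchronises from AWS Secrets Manager. Manifests are passed as already-parsed dicts (what yaml.safe_load returns); the two sample manifests, the image name and all function names are constructed for this example. Note that PodSecurityPolicy was removed in Kubernetes 1.25, so the equivalent rules now live in Pod Security admission or in Gatekeeper constraints.

```python
"""Pre-deployment pod security check (added example, not repository code).

Runs in CI before `kubectl create -f manifest/` and mirrors the rules that
Pod Security admission / OPA Gatekeeper would enforce at admission time.
"""
from typing import Dict, List

# Kinds whose spec embeds a pod template, plus bare Pods.
POD_KINDS = {"Pod", "Deployment", "StatefulSet", "DaemonSet", "Job"}
# Heuristic: env var names that usually carry credentials.
SECRET_NAME_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")


def pod_spec(manifest: Dict) -> Dict:
    """Return the pod spec for a bare Pod or for a workload controller."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def check_pod_security(manifest: Dict) -> List[str]:
    """Return policy violations for one manifest; an empty list means compliant."""
    if manifest.get("kind") not in POD_KINDS:
        return []  # ConfigMaps, Services etc. carry no pod spec
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})
    findings: List[str] = []

    if spec.get("hostNetwork") or spec.get("hostPID") or spec.get("hostIPC"):
        findings.append(f"{name}: host namespaces (hostNetwork/hostPID/hostIPC) are not allowed")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        # Kubernetes defaults allowPrivilegeEscalation to true, so absence is a violation.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation must be false")
        # runAsNonRoot may be set on the pod or the container; the container value wins.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}/{cname}: runAsNonRoot must be true")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: readOnlyRootFilesystem must be true")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}/{cname}: capabilities.drop must include ALL")
        # Credentials belong in a Secret synchronised by the External Secrets
        # Operator from AWS Secrets Manager, never in a literal env value.
        for env in c.get("env", []):
            env_name = env.get("name", "")
            if "value" in env and any(h in env_name.upper() for h in SECRET_NAME_HINTS):
                findings.append(f"{name}/{cname}: env {env_name} carries a literal secret value")

    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"{name}: hostPath volume '{v.get('name')}' is not allowed")
    return findings


def check_manifests(manifests: List[Dict]) -> Dict[str, List[str]]:
    """Run the check over a manifest list, keyed by kind/name."""
    return {f"{m.get('kind')}/{m.get('metadata', {}).get('name')}": check_pod_security(m)
            for m in manifests}


# Constructed sample manifests for this example (not from the repository).
NONCOMPLIANT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "ledger-api-insecure"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "api", "image": "example.com/ledger-api:1.0",
            "securityContext": {"privileged": True},
            "env": [{"name": "DB_PASSWORD", "value": "plaintext-password"}],
        }],
        "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
    }}},
}

COMPLIANT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "ledger-api"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "api", "image": "example.com/ledger-api:1.0",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            # The Secret 'ledger-db' is populated by an ExternalSecret resource.
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "ledger-db", "key": "password"}}}],
        }],
    }}},
}

if __name__ == "__main__":
    for key, found in check_manifests([NONCOMPLIANT, COMPLIANT]).items():
        print(key, "OK" if not found else "\n  " + "\n  ".join(found))
```

In a pipeline the script would load every file under manifest/ with a YAML parser and fail the build when any manifest returns findings; the same rules should also be enforced in-cluster (Pod Security admission labels on the namespace, or Gatekeeper constraint templates) so that a manifest applied outside the GitOps workflow is rejected at admission as well.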

Compliance

This reference architecture is designed to help meet common FSI compliance requirements, including:

  • PCI DSS
  • SOC 2
  • GDPR
  • CCPA

Always consult with your compliance and legal teams to ensure all specific requirements are met.

Contributing

We welcome contributions! Please see our Contributing Guide for more details.

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
