y0zg / eks-web-application

EKS Demo Lab

This demo environment is set up with a few significant flaws that should not be replicated in production environments. These flaws are intentional, except for the ones that weren't ;).

The sole purpose of this demo environment is to find flaws by using third-party tools to identify "opportunities for improvement." Don't use this as an example of my work, unless you're looking for a cautionary tale.

Flaws

  1. Outdated versions of Ubuntu and MongoDB are used for the MongoDB server
  2. Logs are directly written to a public S3 bucket
  3. IMDSv2 is not enabled
  4. The EKS cluster is not configured to use a private endpoint
  5. MongoDB instance EBS volumes are not encrypted
  6. The MongoDB instance is not configured to use TLS
  7. The MongoDB instance profile has overly permissive IAM permissions
  8. ECS images are not scanned for vulnerabilities
  9. And more!
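
A minimal check for flaws 3, 4 and 5, added here as an example and not part of this repository: it scans the JSON produced by `terraform show -json` for instances without enforced IMDSv2, unencrypted root volumes, and EKS clusters whose API endpoint is not private-only. The sample plan and its resource addresses are constructed, and treating any enabled public endpoint as flaw 4 is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json` output; addresses are hypothetical.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_eks_cluster.demo", "type": "aws_eks_cluster",
     "values": {"vpc_config": [{"endpoint_private_access": false,
                                "endpoint_public_access": true}]}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.db.aws_instance.mongodb", "type": "aws_instance",
     "values": {"metadata_options": [{"http_tokens": "optional"}],
                "root_block_device": [{"encrypted": false}]}}
  ]}]
}}}
""")


def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def first(values, block):
    """Nested blocks appear as lists in plan JSON; return the first entry or {}."""
    items = values.get(block) or []
    return items[0] if items else {}


def find_flaws(plan):
    """Return sorted (flaw_number, address) pairs for flaws 3, 4 and 5."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        vals, addr = res.get("values", {}), res["address"]
        if res["type"] == "aws_instance":
            if first(vals, "metadata_options").get("http_tokens") != "required":
                findings.append((3, addr))  # IMDSv2 not enforced
            if not first(vals, "root_block_device").get("encrypted"):
                findings.append((5, addr))  # unencrypted root EBS volume
        elif res["type"] == "aws_eks_cluster":
            vpc = first(vals, "vpc_config")
            if vpc.get("endpoint_public_access", True) or not vpc.get("endpoint_private_access"):
                findings.append((4, addr))  # API endpoint not private-only
    return sorted(findings)


if __name__ == "__main__":
    for number, address in find_flaws(SAMPLE_PLAN):
        print(f"flaw {number}: {address}")
```

Values that are only known after apply are absent from the plan JSON, so this check reports them as flaws rather than assuming a safe default.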

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.5.7 |
| aws | >=5.17.0 |
| helm | 2.11.0 |
| kubectl | 1.14.0 |
| kubernetes | 2.23.0 |
| local | 2.4.0 |
| null | 3.2.1 |
| random | 3.5.1 |
| time | >=0.9.1 |
| tls | 4.0.4 |

Providers

| Name | Version |
|------|---------|
| aws | 5.17.0 |
| aws.virginia | 5.17.0 |
| kubernetes | 2.23.0 |
| local | 2.4.0 |
| null | 3.2.1 |
| random | 3.5.1 |
| tls | 4.0.4 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| common_tags | Common variables for all modules | map(string) | n/a | yes |
| mongodb_version | Version of MongoDB to install | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| ami_creation_date | Old Ubuntu AMI creation date |
| ami_id | Old Ubuntu AMI ID |
| instance_id | MongoDB instance ID |
| mongodb_connection_string | MongoDB connection string |
| mongodb_password | MongoDB password |
| ssh_key_filename | MongoDB SSH command |
