This demo environment is set up with a few significant flaws that should not
be replicated in production environments. These flaws are intentional, except
for the ones that weren't ;).
The sole purpose of this demo environment is to give third-party tools flaws
to detect and report as "opportunities for improvement." Don't use this as an
example of my work, unless you're looking for a cautionary tale.
Flaws
Outdated versions of Ubuntu and MongoDB are used for the MongoDB server
Logs are directly written to a public S3 bucket
IMDSv2 is not enabled
The EKS cluster is not configured to use a private endpoint
MongoDB instance EBS volumes are not encrypted
The MongoDB instance is not configured to use TLS
The MongoDB instance profile has overly permissive IAM permissions
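
As an added example (not part of this repository), the sketch below checks five of the flaws above that are visible in AWS API metadata: IMDSv2, EBS encryption, the EKS endpoint, S3 public access and the instance role policy. The `SAMPLE` data, resource IDs and finding names are constructed; the field names follow the EC2, EKS, S3 and IAM API response shapes.

```python
# Constructed sample data shaped like AWS API responses (not taken from the demo).
SAMPLE = {
    "instance": {  # ec2 describe-instances -> Reservations[].Instances[]
        "InstanceId": "i-EXAMPLE",
        "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"},
    },
    "volumes": [  # ec2 describe-volumes -> Volumes[]
        {"VolumeId": "vol-EXAMPLE1", "Encrypted": False},
        {"VolumeId": "vol-EXAMPLE2", "Encrypted": True},
    ],
    "cluster": {  # eks describe-cluster -> cluster
        "resourcesVpcConfig": {"endpointPublicAccess": True,
                               "endpointPrivateAccess": False},
    },
    "bucket_public_access_block": None,  # None = no public access block set
    "instance_role_policy": {  # IAM policy document attached to the role
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
}

PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit(env):
    """Return finding names (hypothetical labels) for the listed flaws."""
    findings = []
    opts = env["instance"].get("MetadataOptions", {})
    # IMDSv2 is only enforced when session tokens are required.
    if opts.get("HttpEndpoint", "enabled") == "enabled" and opts.get("HttpTokens") != "required":
        findings.append("imdsv2-not-required")
    for vol in env["volumes"]:
        if not vol.get("Encrypted", False):
            findings.append("ebs-unencrypted:" + vol["VolumeId"])
    vpc = env["cluster"]["resourcesVpcConfig"]
    if vpc.get("endpointPublicAccess", True) or not vpc.get("endpointPrivateAccess", False):
        findings.append("eks-endpoint-not-private")
    pab = env.get("bucket_public_access_block") or {}
    if not all(pab.get(key) for key in PAB_KEYS):
        findings.append("s3-public-access-not-blocked")
    for stmt in _as_list(env["instance_role_policy"]["Statement"]):
        if (stmt.get("Effect") == "Allow"
                and "*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))):
            findings.append("iam-wildcard-allow")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Outdated OS and MongoDB versions and the missing MongoDB TLS setting are not visible in this metadata and need a host or package scan instead.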