Tasks Done or Not
* [] Region eu-west-1. Ranges 10.101.0.0/16 for dev VPC, 10.102.0.0/16 for prod VPC.
DONE
* [] Configure VPC NACL to disallow all ingress traffic and allow on an as-needed basis
DONE
* [] Configure VPC NACL to disallow all egress traffic and allow on an as-needed basis /
only allowed out via peer to shared VPC
DONE
* [] Configure flow logs on VPC
DONE
* [] log buckets should have logging enabled
DONE
* [] log buckets should enforce https
DONE
* [] log buckets should be encrypted
DONE
* [] log buckets should require MFA to delete
DONE
* [] log buckets should implement versioning
DONE
* [] log buckets should have minimal replication and storage class of Intelligent Tiering - Deep Archive Access Tier
DONE
* [] Configure subnets NACL to disallow all ingress traffic and allow on an as-needed
basis
DONE
* [] Configure subnets NACL to disallow all egress traffic and allow on an as-needed
basis
DONE
* [] Configure flow logs on all subnets
DONE
EKS clusters:
Dev cluster name - dev-****
Prod cluster name - prod-****
* [] Use t3.medium instance types for the EKS nodes. The cluster(s) should initially have
2 worker nodes
DONE
* [] Create AWS IAM role aws-eks-{YOURNAME}-prod
DONE
* [] Create AWS IAM role aws-eks-{YOURNAME}-dev
DONE
* [] Deploy an EC2 instance which will be called "stepstone" in the public range. Make
sure that the stepstone instance is secure enough (IP-based restrictions)
DONE
* [] Add your personal account to roles aws-eks-{YOURNAME}-dev and
aws-eks-{YOURNAME}-prod
DONE
* [] Deploy the DEV cluster in the private subnets. The cluster must have a single EC2
node, type t3.medium. Make sure that the instances are tagged properly
DONE
* [] Deploy the PROD cluster in the private subnets. The cluster must have a single EC2
node, type t3.medium. Make sure that the instances are tagged properly
DONE
* [] Provide the hostname of the Load Balancer so we could point demo DNS records to
it. The DNS records will be web-{YOURNAME}.gotoadmins.cloud.
Prepare ingress for app-{YOURNAME}.gotoadmins.cloud, add SSL cert (contact us so
we could configure the necessary DNS records) and make sure
that it could be associated with another domain in the future.
Not DONE - because of my time limitation I didn't configure it.
* [] Deploy Jenkins in the K8S cluster. The hostname associated with Jenkins should
be jenkins-{YOURNAME}.gotoadmins.cloud.
Jenkins should be reachable via HTTPS as well.
DONE
* [] Link Jenkins to your GitHub repository
Not DONE - because of my time limitation I didn't configure it.
Kind regards,