AWS - EKS Secured service end to end

  • Posted at : 1 year ago

Project Details


I will be looking for an AWS - EKS solution in a secured approach.

The architecture should include the below standards.
The Management VPC acts as the gateway for operators to reach into the Application VPCs, and contains services such as:
  • CI/CD (Jenkins)
  • Monitoring utilities
  • VPN servers and Bastion hosts
The Application VPC, on the other hand, contains all your services:
  • EKS, both the control plane and the worker nodes
  • Lambda functions
  • Any other data stores (e.g. ELK)
Each VPC is further divided into tiers by subnet:
  • Public subnets: accessible from the public Internet. Used solely for highly locked down entrypoints, such as load balancers and VPN servers.
  • Private app subnets: used to run apps. Only accessible from within the VPC.
  • Private persistence subnets: used to run data stores. Only accessible from within the VPC. In fact, only from private app subnets.
Expected deliverables:

1. Managed VPC (Account-1)
1.1. Only for management VPC CI/CD, Bastion host (run kubectl from this host), monitoring.
1.2. Monitoring utilities
1.3. Jenkins to deploy code into EKS cluster on (Account-2)
2. Application VPC (Account-2)
2.1. It's the main VPC for EKS
2.2. Maintain 3 layers
2.2.1. public-subnet-1 (only for ELB), which will point to private-1 EKS worker node pods
2.2.2. private-subnet-1, EKS worker nodes
2.2.3. private-subnet-2, EKS control plane
2.2.4. Between private-subnet-1, i.e. worker nodes, and private-subnet-2, i.e. EKS control plane, use a Load Balancer to point to the EKS endpoint

3. The modules should be written in Terraform, end to end, for the above.
4. Also, we need a CloudFormation template similar to the above.
5. Sample application deployment using the CI/CD from the management VPC, which will then deploy into EKS in a different VPC under private subnets.
6. Include point 5 in Ansible, so that the management VPC can be deployed with its components using Ansible.

7. Full level of PPT presentation, in-depth documentation. Also a Webex 1-1 session to go through the full worth of the code. We can discuss more if any changes are needed.

POC: Before we go through with Terraform/CloudFormation, we can run using the AWS console.
Once we agree on the solution, you can start using the Terraform/CloudFormation/Ansible modules.

Example: some docs for you to go through:

If more details are required, we can arrange a call once we agree on a price.