AWS EKS Configured for SOC2, HIPAA, and PCI

Kubespot (AWS) configures everything a company needs to run Django, Ruby on Rails, NodeJS or any application that fits within a Docker container on Kubernetes. It also includes the security postures required for SOC2, HIPAA, and PCI compliance, cost optimizations that require fewer resources, the ability to scale from 2 instances to hundreds without breaking a sweat or the bank, and, most importantly, the ability to develop and deploy software quickly.

Best of all it is completely open source!

Features

Why Kubespot?

Open Source

We built Kubespot to be completely open source because we want to make security a prime concern for companies and don't want to limit security to vendor-locked solutions.

Production Loads

Kubespot has been in use in production for nearly half a decade and has supported healthcare startups, finance startups, enterprise startups, and ecommerce startups.

Security Vetted

By setting up Kubespot you don't have to rediscover security best practices and implement them yourself. You can build on a solid foundation.

What is Kubespot?

Kubespot is AWS EKS customized to add security postures around SOC2, HIPAA, and PCI compliance. It is distributed as an open source Terraform module, allowing you to run it within your own AWS account without lock-in. Kubespot has been developed over half a decade, evolving with the AWS EKS distribution and, before that, kops. It is in use within multiple startups that have scaled from a couple of founders in an apartment to billion-dollar unicorns. By using Kubespot they were able to achieve the technical requirements for compliance while still deploying software fast.

What is included in Kubespot?

Kubespot is a light wrapper around AWS EKS. The primary changes included in Kubespot are:

  • Locked down with security groups, private subnets and other compliance-related requirements.
  • Locked down RDS and Elasticache if needed.
  • Users have a single Load Balancer through which all requests go, to reduce costs.
  • KEDA is used for scaling on event metrics such as queue sizes, user requests, CPU, memory or anything else KEDA supports.
  • Karpenter is used for autoscaling.
  • Instances are locked down with encryption, and a regular node cycle rate is set.