Amazon EKS for the enterprise.
100% managed as code.
In about a day.

  • Deploy enterprise-grade, CIS-compliant EKS clusters into your AWS accounts.
  • Set up CI/CD pipelines and self-service tools for app deployment.
  • Control, customize, and manage everything as code using Terraform.
  • Get commercial maintenance and support from Gruntwork.

Request early access

Join now for early access pricing!

eks_configuration.yml
  
  # Use this file to configure your EKS cluster.
  # Gruntwork will generate your Terraform code from just this
  # file!

  # Configure CIS Benchmark compliance
  cis:
    enable_pod_security_policies: true
    enable_network_security_policies: true
    enable_eks_cluster_hardening: true

  # Choose from istio, consul-connect, aws-app-mesh
  service_mesh: "istio"

  # Choose from flux or argocd
  cicd: "argocd"

  # Choose from argocd or lens
  self_service: "argocd"

  # Choose from prometheus, datadog, cloudwatch
  metric_aggregation: "prometheus"

  # Choose from elastic, datadog, cloudwatch
  log_aggregation: "elastic"

  # Configure auto scaling
  cluster_autoscaler:
    enabled: true
    min: 2
    max: 4

  # Enable harbor as a trusted registry
  harbor:
    enabled: true

  # Enable Open Policy Agent rules to enforce
  # security & compliance baselines
  opa:
    enable_kubernetes_rules: true
    enable_terraform_rules: true

  # Enable a controller for one-way encrypted secrets.
  sealed_secrets:
    enabled: true

  # Allow managing domain names in your K8S manifests
  external_dns:
    enabled: true
    domains:
      - env: "dev"
        domain: "your-dev-domain.com"
      - env: "prod"
        domain: "your-prod-domain.com"
  
  

Step #1
Configure your EKS cluster

Pick and choose the technologies that you want included in your custom EKS cluster. We support a wide range of popular configurations that include:

  • Service meshes (Istio, Consul Connect, AWS App Mesh)
  • K8S-native CI/CD (Argo CD, Flux)
  • Self-service UI (Argo CD Dashboard, Lens)
  • Metrics (Prometheus, Datadog, CloudWatch)
  • Log Aggregation (Elastic Stack, Datadog, CloudWatch)
  • Cluster Autoscaler, Sealed Secrets, OPA, & more!
On top of that, all our enterprise-grade EKS clusters are hardened to meet 100% of the CIS Amazon EKS Benchmark requirements, regardless of the chosen technologies.

prod/us-west-2/services/eks-cluster/main.tf
  
  # Example snippet from Terraform code to deploy an EKS cluster

  module "eks_cluster" {
    # Git sources are pinned with ?ref; the version argument
    # only applies to modules from a registry.
    source = "github.com/gruntwork-io/service-catalog//eks-cluster?ref=v0.51.0"

    cluster_name = "my-prod-cluster"
    vpc_id       = dependency.vpc.outputs.vpc_id

    managed_node_group_configurations = {
      "prod-asg" = {
        min_size   = 2
        max_size   = 4
        tags       = local.default_tags
      }
    }

    enable_pod_security_policies     = true
    enable_network_security_policies = true
    enable_eks_cluster_hardening     = true
  }

  module "eks_core_services" {
    # Git sources are pinned with ?ref; the version argument
    # only applies to modules from a registry.
    source = "github.com/gruntwork-io/service-catalog//core-services?ref=v0.51.0"

    eks_cluster_arn = module.eks_cluster.eks_cluster_arn

    # Enable services based on form input
    # All other services default to false, and thus
    # are not enumerated.
    enable_istio              = true
    enable_argocd             = true
    enable_prometheus         = true
    enable_elastic            = true
    enable_cluster_autoscaler = true
    enable_sealed_secrets     = true
    enable_external_dns       = true
    enable_harbor             = true
    enable_opa = {
      k8s_admission_controller       = true
      terraform_admission_controller = true
    }

    # Additional service configurations based on form input
    # NOTE: This is configuring the prod cluster,
    #       so only setup the prod domain.
    #       For dev, this will be set to gruntwork-dev.com
    external_dns_route53_hosted_zone_id_filters = ["gruntwork.io"]
  }
  
  
prod/us-west-2/networking/vpc/main.tf
  
  # Example snippet from Terraform code to deploy a VPC
  # If you already have a VPC, this step will be skipped

  module "vpc" {
    source = "github.com/gruntwork-io/terraform-aws-vpc//vpc-app"

    vpc_name         = "prod-vpc"
    cidr_block       = "10.0.0.0/16"
    num_nat_gateways = 3

    # EKS requires your VPCs/subnets to be tagged a specific way
    vpc_tags             = module.tags.vpc_tags
    public_subnet_tags   = module.tags.public_tags
    private_subnet_tags  = module.tags.private_tags
  }

  module "tags" {
    source = "github.com/gruntwork-io/terraform-aws-eks//eks-vpc-tags"

    eks_cluster_names = var.eks_cluster_names
  }

  module "vpc_network_acls" {
    source = "github.com/gruntwork-io/terraform-aws-vpc//network-acls"

    vpc_id             = module.vpc.vpc_id
    public_subnet_ids  = module.vpc.public_subnet_ids
    private_subnet_ids = module.vpc.private_subnet_ids
  }

  module "vpc_flow_logs" {
    source = "github.com/gruntwork-io/terraform-aws-vpc//flow-logs"

    vpc_id         = module.vpc.vpc_id
    log_group_name = "${module.vpc.vpc_name}-flow-logs"
    kms_key_users  = var.kms_key_user_iam_arns
    kms_key_arn    = var.kms_key_arn
    traffic_type   = var.flow_logs_traffic_type
  }
  
  

Step #2
Generate code and customize it to your needs

Gruntwork takes your requested configuration, generates Terraform code for deploying your EKS cluster, and opens a pull request in a Git repo of your choice (we support GitHub, GitLab, and Bitbucket). The code you get has been proven in production at hundreds of companies, is commercially supported and maintained by Gruntwork, and is 100% yours: use it as-is or customize it as much as you want.

Deploy generated code in the browser using Terraform Cloud / Enterprise.

Step #3
Deploy your EKS cluster into your AWS account

Deploy your EKS cluster into your AWS account using one of the supported deployment tools:

  • Gruntwork Pipelines
  • Terraform Cloud
  • Terraform Enterprise
  • Terraform CLI
  • Terragrunt CLI

Step #4
Configure your apps

Use Gruntwork tools to optimize your enterprise apps for EKS, including cloud-native and K8S-native best practices for packaging, monitoring, logging, service discovery, secrets management, schema migrations, and more. We support common enterprise languages and frameworks:

  • Java: Spring Boot, Quarkus
  • Ruby: Ruby on Rails, Sinatra
  • Python: Django, Flask
  • Node.js: Express.js, Next.js
Or use our enterprise-grade reference applications as a template to implement the optimizations for any language and framework we don't support.

Connect your repository to Argo CD to deploy.

Step #5
Deploy your apps

Connect your Git repo to the CI/CD system (e.g., Argo CD) to automatically register, migrate, and deploy your apps using a friendly UI. Gruntwork Enterprise EKS supports various deployment strategies out of the box:

  • Canary
  • Blue/Green
  • Automatic rollbacks
  • Security scans
  • CI/CD workflows
  • GitOps workflows
Regardless of deployment strategy and configuration, enforce your organization's governance policies on artifacts using Open Policy Agent and Harbor.

Step #6
Manage your apps

Use your chosen self-service dashboard to track deployment progress, review error messages, and troubleshoot errors in a powerful web UI. Use observability tools to monitor your apps, including dashboards for container metrics, cluster data, one-click access to containers, and multiple options for centralized logging.

Step #7
Stay up to date

All the modules and code are commercially supported and maintained. We push versioned updates to keep the infrastructure up to date:

  • Stay compatible across tool versions (Terraform, Terragrunt, kubectl, helm, etc.)
  • Regularly update to the latest Kubernetes version
  • Maintain compliance across CIS benchmark versions

Meet the Gruntwork community.

Bind
Gridpoint
Intel
Tidal Migrations
Quid
Digital Globe
Fluo
Commonplace
Jumio
Finiata
Iwoca
Healthline

Why Gruntwork?

Here's how the out-of-the-box experience with Gruntwork Enterprise EKS compares to the out-of-the-box experience with other popular options for running Kubernetes in AWS:

Options compared: kops, Rancher, EKS, EKS with Gruntwork

Cluster

  • Fully-managed control plane
  • Self-managed control plane
  • Fully-managed worker nodes
  • Self-managed worker nodes
  • Service mesh

Cluster management

  • Manage everything as code
  • Node auto scaling
  • CI / CD for infrastructure
  • Cluster monitoring

App management

  • Rolling deployment
  • Blue-green deployment
  • CI / CD pipeline for apps
  • Self-service UI
  • Pod auto scaling
  • App monitoring

Security

  • Server hardening
  • Sealed secrets
  • End-to-end encryption
  • Service communication ACLs
  • Network security policies
  • Pod security policies
  • OPA policies

Compliance

  • AWS Well Architected
  • CIS AWS Foundations Benchmark
  • CIS EKS Benchmark

Target environments

  • Multi-cloud and hybrid cloud
  • AWS and cloud native

The enterprise EKS experience you've been looking for.

  • The power, security, and flexibility of Kubernetes.
  • The control and scalability you expect from AWS.
  • The production-grade code you expect from Gruntwork.