For some non-obvious reason it wasn’t straight-forward how to deploy/configure AWS EBS CSI controller even after reading the docs. Key thing here is you have to install csi driver yourself and the easiest way to do it is to use EKS addons. You can also tweak eks addons deployment using configuration_values property to change resources, add nodeSelector, etc. Here is the terraform configuration for that with some ommited fields not related to the configuration of storage...
ISO 27001 Part 2
Annex A 8.2: Privileged Access Rights This control is pretty simple to define and quite hard to implement. Services and people must have an access based on their needs. If your service requires an access to write to specific S3 bucket, do not allow access to whole S3 service. Administrator role should be granted only to specific group of people trained and prepared to perform those duties. Usually we allow infrastructure team to have an access everywhere though it’s not necessary most of the times....
ISO 27001 Part 1
Security audits are always challenging, and they’re even harder if you’re doing one for the first time. ISO 27001 requires collaboration between the IT department, HR, the CISO and SRE team (or Platform team). I’d like to focus on technological controls, specifically what can be implemented in cloud infrastructure and how to make our life a little bit easier. First, preparing for an audit is a long process of collecting evidence and addressing any gaps we found....