Skip to main content

apex:eks-security

Source

This page is generated from steering/commands/apex/eks-security.md. Edit the source, not this page.

Run the APEX EKS security & compliance workflow — turn a team's compliance regime, workload sensitivity, and OS/AMI constraints into an opinionated, layer-by-layer Amazon EKS hardening recommendation and audit-prep roadmap.

<execution_context> @~/.claude/apex-steering/workflows/eks-security.md </execution_context>

Follow the eks-security workflow end-to-end. Ask the required discovery questions FIRST (compliance regime, workload sensitivity, OS/AMI strategy, audit timeline, topology, skill, ops-overhead tolerance, current baseline) — do not recommend a stack before they are answered. Use the `eks-security` skill for the 7-layer stack, the compliance-regime scope view, the non-negotiable security baseline, and the 30/60/90 roadmap. Always include the compliance-status disclaimer (defer to the live AWS Services in Scope page) and never call IRSA "legacy", promise "HIPAA-compliant", or conflate FedRAMP Moderate/High or FIPS 140-2/140-3. Phases: 1) discovery, 2) compliance-regime position, 3) top-level stack recommendation, 4) layer-by-layer guidance with shared-responsibility split, 5) 30/60/90 roadmap, 6) security baseline + gotchas + escalation.