EKS security hardening for HIPAA workloads
Remediated CrowdStrike findings, locked down public endpoints, and migrated MongoDB connections to private endpoints across a multi-cluster healthcare environment.
- Client: Confidential — healthcare
- Role: DevOps engineer
- Year: 2025
- Stack: EKS, AWS, Terraform, CrowdStrike, MongoDB Atlas
A six-week engagement remediating security findings on production EKS clusters serving compliance-bound (HIPAA / HITRUST) workloads. Worked with the platform team to design a remediation path that didn't take down the cluster.
What we did
- Audited every public-facing endpoint and migrated those that didn't need exposure to private subnets.
- Switched MongoDB Atlas connections from the public endpoint to a private endpoint via PrivateLink.
- Closed CrowdStrike IOM (Indicator of Misconfiguration) findings without breaking running workloads — staged rollouts with canaries.
- Tightened IRSA permissions; removed long-lived credentials from pods.
Outcome
Clean CrowdStrike posture. No regressions during rollout. Documentation handed off to the in-house platform team so they could keep it that way.