Spin up a sandbox EKS cluster to demo Periscope screenshots against real antipattern findings.
Run a security training lab where students hunt IRSA, Pod Identity, and S3 wildcard mistakes.
Test EKS detection rules against a known set of 12 antipatterns and 4 vulnerable workloads.
Reuse the Terraform as a starting point for any deliberately broken cloud lab tied to documented findings.
Needs a throwaway AWS account with admin credentials, plus AWS CLI, kubectl, jq, envsubst, and Docker before the scripts can run.
This repository sets up a deliberately broken Amazon Web Services environment for testing a separate tool called Periscope, an open source dashboard for Kubernetes clusters running on Amazon's EKS service. The README starts with a strong warning in red: the cluster it creates is intentionally insecure and should only be used in a fresh, throwaway AWS sandbox account. It contains real IAM permission mistakes, such as wildcard access to all S3 buckets, and uses container images known to have security holes.

The purpose is to give Periscope something interesting to look at. Periscope has views that detect specific cloud permission antipatterns and vulnerable containers, and this repo wires up a cluster that contains 12 such antipatterns plus 4 vulnerable workloads, each cross-referenced in a docs file to the Periscope screenshot it is meant to produce. Examples include a service account bound to two different identity sources at once, an orphan Pod Identity association, stale IRSA bindings, and older versions of nginx, grafana, redis, and busybox in a private container registry.

The setup uses Terraform to create the EKS cluster, plus shell scripts that apply the identity fixtures and then the security fixtures in order. The README also lists prerequisites such as the AWS CLI, kubectl, jq, envsubst, Docker, and an admin-level AWS principal, and gives an honest cost estimate: about $1.30 per four-hour session, or roughly $150 per month if left running. A teardown section walks through the reverse-order cleanup, including extra AWS CLI checks for orphaned NAT gateways, elastic IPs, and load balancers. As a safety habit, every IAM resource and S3 bucket ARN is prefixed with periscope-demo so that policy text copied into a real account will not collide with production names. The project is Apache 2.0 licensed.
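As an added example that is not part of this repository or of Periscope, the Python below runs a detector over a constructed inventory snapshot and flags four of the antipattern classes the summary names: a service account bound to both IRSA and Pod Identity, a stale IRSA binding, an orphan Pod Identity association, and an S3 wildcard grant. The sample data, the placeholder account id and role names, and the precise definition of each class (for instance, "stale" meaning the annotated role no longer exists) are assumptions for illustration; Periscope's own rules may define them differently.

```python
IRSA_ANNOTATION = "eks.amazonaws.com/role-arn"
ROLE = "arn:aws:iam::111122223333:role/periscope-demo-"  # constructed placeholder account id

# Constructed inventory, not data from any real account: the shape you would collect with
# `kubectl get sa -A -o json`, `aws eks list-pod-identity-associations`, and IAM listings.
SERVICE_ACCOUNTS = [
    {"namespace": "demo", "name": "dual-bound", "annotations": {IRSA_ANNOTATION: ROLE + "dual"}},
    {"namespace": "demo", "name": "stale-irsa", "annotations": {IRSA_ANNOTATION: ROLE + "deleted"}},
    {"namespace": "demo", "name": "clean", "annotations": {}},
]
POD_IDENTITY_ASSOCIATIONS = [
    {"namespace": "demo", "serviceAccount": "dual-bound", "roleArn": ROLE + "dual"},
    {"namespace": "demo", "serviceAccount": "no-such-sa", "roleArn": ROLE + "orphan"},
]
EXISTING_ROLE_ARNS = {ROLE + "dual", ROLE + "orphan"}
POLICY_STATEMENTS = [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::periscope-demo-bucket/*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]

def _as_list(v):
    return v if isinstance(v, list) else [v]

def find_identity_antipatterns(service_accounts, associations, existing_roles, statements):
    """Return one finding dict per antipattern instance; kinds follow the four classes named above."""
    findings = []
    sa_index = {(sa["namespace"], sa["name"]): sa for sa in service_accounts}
    assoc_keys = {(a["namespace"], a["serviceAccount"]) for a in associations}
    for key, sa in sa_index.items():
        role = sa.get("annotations", {}).get(IRSA_ANNOTATION)
        if role and key in assoc_keys:  # IRSA annotation and a Pod Identity association at once
            findings.append({"kind": "dual-bound", "subject": "/".join(key)})
        if role and role not in existing_roles:  # annotation points at a role that no longer exists
            findings.append({"kind": "stale-irsa", "subject": "/".join(key), "role": role})
    for a in associations:
        key = (a["namespace"], a["serviceAccount"])
        if key not in sa_index:  # association whose service account does not exist
            findings.append({"kind": "orphan-pod-identity", "subject": "/".join(key)})
    for st in statements:
        s3_actions = [x for x in _as_list(st.get("Action", [])) if x == "*" or x.startswith("s3:")]
        wild = {"*", "arn:aws:s3:::*"} & set(_as_list(st.get("Resource", [])))
        if st.get("Effect") == "Allow" and s3_actions and wild:  # S3 actions allowed on every bucket
            findings.append({"kind": "s3-wildcard", "subject": ",".join(s3_actions)})
    return findings

def demo_findings():
    return find_identity_antipatterns(SERVICE_ACCOUNTS, POD_IDENTITY_ASSOCIATIONS,
                                      EXISTING_ROLE_ARNS, POLICY_STATEMENTS)
```

Running `demo_findings()` on the constructed snapshot yields one finding of each kind; swapping in a real `kubectl`/`aws` export of a sandbox cluster is the obvious next step for a training lab.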
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.