# AOS - Infra ## Recommandations EKS Cluster: - Enable control plane logging (https://www.terraform.io/docs/providers/aws/r/eks_cluster.html#enabling-control-plane-logging) - Enable container logging (https://github.com/helm/charts/tree/master/incubator/fluentd-cloudwatch) EKS Node: - move EKS nodes back to private networking. - add another NAT Gateway in another AZ, maybe 2 (one per subnet and a route table per subnet pointing the NAT gateway as default gateway). - Tag VPC subnet correctly for EKS (https://docs.aws.amazon.com/fr_fr/eks/latest/userguide/network_reqs.html). Redis: - change redis SG to allow worker SG and not control plane SG MongoDB Atlas: - allow the previously created NAT Gateways EIP to Atlas whitelist