Ensono · balpurewal · Feb 18, 2025 · Feb 18, 2025 · Feb 18, 2025 · Feb 18, 2025
diff --git a/deploy/aws/infra/eks-cluster.tf b/deploy/aws/infra/eks-cluster.tf
@@ -16,5 +16,8 @@ module "eks" {
   vpc_id              = module.vpc.id
   vpc_private_subnets = module.vpc.private_subnet_ids
 
+  cis_bootstrap_image  = var.cis_bootstrap_image
+  enable_cis_bootstrap = var.enable_cis_bootstrap
+
   tags = local.default_tags
 }
diff --git a/deploy/aws/infra/variables.tf b/deploy/aws/infra/variables.tf
@@ -142,3 +142,18 @@ variable "external_dns_namespace" {
   type        = string
   description = "The Namespace that External DNS will be deployed to"
 }
+
+########################################
+# CIS Bottlerocket
+########################################
+variable "enable_cis_bootstrap" {
+  type        = string
+  default     = true
+  description = "If true, the EKS cluster will be bootstrapped with the CIS Bottlerocket image to ensure the OS is CIS level compliant"
+}
+
+variable "cis_bootstrap_image" {
+  type        = string
+  default     = "ensonostackseuweirdfmu.azurecr.io/ensono/bottlerocket-cis-bootstrap:1.1.265-amd64"
+  description = "The location of the CIS Bottlerocket image"
+}