Yoma Bank CI/CD Pipeline - GitHub Actions + AWS
About This Architecture
Multi-stage CI/CD pipeline for Yoma Bank that deploys seven microservices to AWS EKS across dev, staging, and prod namespaces, using GitHub Actions runners, Docker containerization, and ECR artifact storage. Security gates cover SAST (CodeQL), SCA (Dependabot/Snyk), container scanning (Trivy), secrets detection (Gitleaks), IaC scanning (Checkov), and DAST (OWASP ZAP); they run before the testing stage, which uses Bedrock AI assistance and code coverage validation. Approval workflows auto-approve dev and require manual approval for staging and prod. Observability is provided by CloudWatch, X-Ray, Grafana, and AWS security services (GuardDuty, Security Hub, CloudTrail). Fork this diagram to customize approval policies, add additional namespaces, or integrate alternative scanning tools into your own enterprise deployment pipeline. The architecture demonstrates a defense-in-depth security posture with shift-left scanning, AI-assisted testing, and comprehensive audit logging across all deployment stages.
People also ask
How do I implement a secure multi-stage CI/CD pipeline with GitHub Actions deploying to AWS EKS with automated security scanning and approval workflows?
This diagram shows a complete enterprise CI/CD pipeline where GitHub Actions triggers Docker builds for seven microservices, pushes containers to ECR, and runs seven security scans (CodeQL, Dependabot, Trivy, Gitleaks, Checkov, OWASP ZAP) before testing with Bedrock AI assistance. Approval gates enforce auto-approval for dev and manual approvals for staging/prod, with deployments to EKS namespaces
- Domain: DevOps CI/CD
- Audience: DevOps engineers and platform engineers implementing enterprise CI/CD pipelines with GitHub Actions and AWS EKS
Generated by Diagrams.so, an AI architecture diagram generator with native Draw.io output.