AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/eks-gitops-tools/spinnaker.md

Summary

Reformatted tool capabilities table into bullet points and updated image path

Security assessment

The changes are purely structural/formatting (table to bullet points) and an image path update. No security vulnerabilities, weaknesses, or incidents are mentioned. The existing RBAC mention remains unchanged without new security context.

Diff

diff --git a/prescriptive-guidance/latest/eks-gitops-tools/spinnaker.md b/prescriptive-guidance/latest/eks-gitops-tools/spinnaker.md
index f106401d1..e92f5c598 100644
--- a//prescriptive-guidance/latest/eks-gitops-tools/spinnaker.md
+++ b//prescriptive-guidance/latest/eks-gitops-tools/spinnaker.md
@@ -15,22 +15,42 @@ Although Spinnaker isn't exclusively designed as a GitOps tool, you can configur
-Area | Tool capabilities  
----|---  
-Declarative configuration | Spinnaker uses declarative pipeline definitions, which are typically stored as JSON or YAML files. These pipeline definitions can be version-controlled in Git repositories, in alignment with GitOps practices.  
-IaC | Spinnaker supports the definition of infrastructure and deployment configurations as code. These definitions can be stored in Git repositories, and can serve as the single source of truth.  
-Multi-cloud deployments | Spinnaker is designed to work across multiple cloud providers and Kubernetes clusters. It enables consistent GitOps practices across diverse environments.  
-Pipeline as code | Spinnaker pipelines can be defined as code and stored in Git repositories. This allows for version control and the review of deployment processes.  
-Automated deployments | You can configure Spinnaker to automatically start deployments based on changes in Git repositories. The tool supports continuous deployment practices that are central to GitOps.  
-Immutable infrastructure | Spinnaker promotes the use of immutable infrastructure, which is a key concept in GitOps. It encourages the deployment of new instances instead of modifying existing instances.  
-Rollbacks and versioning | Spinnaker provides robust rollback capabilities and quick reversion to previous known good states. It supports versioning of deployments, in alignment with GitOps principles of traceability.  
-Approval workflows | Spinnaker includes manual judgment stages in pipelines to support controlled promotions between environments. This supports GitOps practices of separation between deployments and releases.  
-Canary and blue/green deployments | Spinnaker supports advanced deployment strategies that align with GitOps practices for safe and controlled releases.  
-Integration with version control systems | Spinnaker can integrate with various Git providers to start pipelines based on repository events.  
-Kubernetes integration | Spinnaker provides native support for Kubernetes and supports GitOps-style management of Kubernetes resources.  
-Artifact management | Spinnaker supports artifact management and versioning, which are crucial for maintaining a GitOps workflow.  
-Observability and monitoring | Spinnaker offers integration with monitoring tools to support the observability aspect of GitOps.  
-Audit trail | Spinnaker provides detailed deployment logs and history, which support the auditability principle of GitOps.  
-Role-based access control (RBAC) | This tool implements RBAC for fine-grained control over who can perform which actions, in alignment with GitOps security practices.  
-Templating and parameterization | Spinnaker supports templating in pipeline definitions to enable reusable and parameterized deployments.  
-Environment promotion | Spinnaker facilitates the promotion of applications between environments (for example, from staging to production) in a controlled manner.  
-Integration with CI tools | Spinnaker can integrate with various continuous integration (CI) tools to provide a complete CI/CD pipeline that adheres to GitOps principles.  
-Custom stages and extensions | This tool supports custom stages and extensions, so teams can implement GitOps workflows that are tailored to their needs.  
-Centralized management | Spinnaker provides a centralized platform for managing deployments across multiple environments and cloud providers.  
+  * **Declarative configuration** : Spinnaker uses declarative pipeline definitions, which are typically stored as JSON or YAML files. These pipeline definitions can be version-controlled in Git repositories, in alignment with GitOps practices.
+
+  * **IaC** : Spinnaker supports the definition of infrastructure and deployment configurations as code. These definitions can be stored in Git repositories, and can serve as the single source of truth.
+
+  * **Multi-cloud deployments** : Spinnaker is designed to work across multiple cloud providers and Kubernetes clusters. It enables consistent GitOps practices across diverse environments.
+
+  * **Pipeline as code** : Spinnaker pipelines can be defined as code and stored in Git repositories. This allows for version control and the review of deployment processes.
+
+  * **Automated deployments** : You can configure Spinnaker to automatically start deployments based on changes in Git repositories. The tool supports continuous deployment practices that are central to GitOps.
+
+  * **Immutable infrastructure** : Spinnaker promotes the use of immutable infrastructure, which is a key concept in GitOps. It encourages the deployment of new instances instead of modifying existing instances.
+
+  * **Rollbacks and versioning** : Spinnaker provides robust rollback capabilities and quick reversion to previous known good states. It supports versioning of deployments, in alignment with GitOps principles of traceability.
+
+  * **Approval workflows** : Spinnaker includes manual judgment stages in pipelines to support controlled promotions between environments. This supports GitOps practices of separation between deployments and releases.
+
+  * **Canary and blue/green deployments** : Spinnaker supports advanced deployment strategies that align with GitOps practices for safe and controlled releases.
+
+  * **Integration with version control systems** : Spinnaker can integrate with various Git providers to start pipelines based on repository events.
+
+  * **Kubernetes integration** : Spinnaker provides native support for Kubernetes and supports GitOps-style management of Kubernetes resources.
+
+  * **Artifact management** : Spinnaker supports artifact management and versioning, which are crucial for maintaining a GitOps workflow.
+
+  * **Observability and monitoring** : Spinnaker offers integration with monitoring tools to support the observability aspect of GitOps.
+
+  * **Audit trail** : Spinnaker provides detailed deployment logs and history, which support the auditability principle of GitOps.
+
+  * **Role-based access control (RBAC)** : This tool implements RBAC for fine-grained control over who can perform which actions, in alignment with GitOps security practices.
+
+  * **Templating and parameterization** : Spinnaker supports templating in pipeline definitions to enable reusable and parameterized deployments.
+
+  * **Environment promotion** : Spinnaker facilitates the promotion of applications between environments (for example, from staging to production) in a controlled manner.
+
+  * **Integration with CI tools** : Spinnaker can integrate with various continuous integration (CI) tools to provide a complete CI/CD pipeline that adheres to GitOps principles.
+
+  * **Custom stages and extensions** : This tool supports custom stages and extensions, so teams can implement GitOps workflows that are tailored to their needs.
+
+  * **Centralized management** : Spinnaker provides a centralized platform for managing deployments across multiple environments and cloud providers.
+
+
+
@@ -48 +68 @@ The following diagram illustrates a GitOps-driven CD workflow that uses Spinnake
-![Spinnaker architecture and workflow on AWS.](/images/prescriptive-guidance/latest/eks-gitops-tools/images/spinnaker-on-aws.png)
+![Spinnaker architecture and workflow on AWS.](/images/prescriptive-guidance/latest/eks-gitops-tools/images/guide-img/b6f49161-b2c5-42aa-b1d8-b0781836edb7/images/6601ff56-3d46-4dcf-ab6f-0ae4cca17e47.png)