AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/eks-gitops-tools/weave.md

Summary

Reformatted tool capabilities section from table to bullet points and updated image path

Security assessment

The changes involve formatting improvements (converting table to bullet points) and an image path update. No security vulnerabilities, weaknesses, or incidents are mentioned. Existing security-related content ('Secure by design', 'Policy as code', etc.) remains unchanged in substance.

Diff

diff --git a/prescriptive-guidance/latest/eks-gitops-tools/weave.md b/prescriptive-guidance/latest/eks-gitops-tools/weave.md
index 867d2b1a6..fbd71f836 100644
--- a//prescriptive-guidance/latest/eks-gitops-tools/weave.md
+++ b//prescriptive-guidance/latest/eks-gitops-tools/weave.md
@@ -15,22 +15,42 @@ Weave GitOps was developed by Weaveworks, which is the company that introduced t
-Area | Tool capabilities  
----|---  
-Git as the single source of truth | Weave GitOps uses Git repositories as the authoritative source for defining the desired state of the system. All configurations, including application manifests, infrastructure definitions, and policies, are stored in Git.  
-Declarative configuration | The system relies on declarative descriptions of the entire system state. These descriptions are typically Kubernetes manifests, Helm charts, or other declarative formats.  
-Automated synchronization | Weave GitOps continuously monitors Git repositories for changes. When it detects changes, it automatically applies them to the target environment.  
-Kubernetes-native architecture | Weave GitOps is built as a set of Kubernetes controllers and custom resources. It uses the extension mechanisms in Kubernetes to provide GitOps capabilities.  
-Continuous reconciliation | This tool constantly compares the actual state of the cluster with the desired state that's defined in Git. It automatically corrects any drift detected between these states.  
-Multi-cluster management | Weave GitOps supports the management of multiple Kubernetes clusters from a single control plane. It enables consistent application deployment across different environments.  
-Policy as code | Weave GitOps incorporates the concept of policy as code for enforcing security and compliance rules. Policies are version-controlled alongside application code and infrastructure definitions.  
-Progressive delivery | This tool supports advanced deployment strategies such as canary releases and blue/green deployments. It integrates with Flagger for automated, progressive delivery.  
-Observability and dashboards | Weave GitOps provides built-in dashboards for monitoring the state of applications and clusters. It offers insights into reconciliation processes and cluster health.  
-Secure by design | The tool implements security best practices, including RBAC integration and secrets management. It supports various authentication methods and integrates with enterprise identity providers.  
-Extensibility and integration | The tool is designed to work with a wide range of cloud-native tools. It supports popular tools such as Flux, Helm, and Kustomize.  
-Self-service developer platforms | Weave GitOps enables the creation of self-service platforms for developers. It provides templates and guardrails for application deployment.  
-GitOps automation | The tool automates many aspects of the GitOps workflow, including pull request generation for updates.  
-Continuous delivery pipelines | It integrates with CI/CD systems to create end-to-end delivery pipelines.  
-Audit and compliance | Weave DevOps provides a complete audit trail of all changes and actions. It helps you meet compliance requirements through version control and automated processes.  
-Scalability | The tool is designed to scale from small projects to large, enterprise-grade deployments.  
-Team collaboration | Weave GitOps facilitates collaboration between development and operations teams through Git-based workflows.  
-GitOps as a service | This tool offers GitOps as a managed service, which simplifies adoption and management.  
-Hybrid and multi-cloud support | Weave GitOps enables consistent management across different cloud providers and on-premises environments.  
-Continuous security | The tool integrates security scanning and policy enforcement throughout the deployment process.  
+  * **Git as the single source of truth** : Weave GitOps uses Git repositories as the authoritative source for defining the desired state of the system. All configurations, including application manifests, infrastructure definitions, and policies, are stored in Git.
+
+  * **Declarative configuration** : The system relies on declarative descriptions of the entire system state. These descriptions are typically Kubernetes manifests, Helm charts, or other declarative formats.
+
+  * **Automated synchronization** : Weave GitOps continuously monitors Git repositories for changes. When it detects changes, it automatically applies them to the target environment.
+
+  * **Kubernetes-native architecture** : Weave GitOps is built as a set of Kubernetes controllers and custom resources. It uses the extension mechanisms in Kubernetes to provide GitOps capabilities.
+
+  * **Continuous reconciliation** : This tool constantly compares the actual state of the cluster with the desired state that's defined in Git. It automatically corrects any drift detected between these states.
+
+  * **Multi-cluster management** : Weave GitOps supports the management of multiple Kubernetes clusters from a single control plane. It enables consistent application deployment across different environments.
+
+  * **Policy as code** : Weave GitOps incorporates the concept of policy as code for enforcing security and compliance rules. Policies are version-controlled alongside application code and infrastructure definitions.
+
+  * **Progressive delivery** : This tool supports advanced deployment strategies such as canary releases and blue/green deployments. It integrates with Flagger for automated, progressive delivery.
+
+  * **Observability and dashboards** : Weave GitOps provides built-in dashboards for monitoring the state of applications and clusters. It offers insights into reconciliation processes and cluster health.
+
+  * **Secure by design** : The tool implements security best practices, including RBAC integration and secrets management. It supports various authentication methods and integrates with enterprise identity providers.
+
+  * **Extensibility and integration** : The tool is designed to work with a wide range of cloud-native tools. It supports popular tools such as Flux, Helm, and Kustomize.
+
+  * **Self-service developer platforms** : Weave GitOps enables the creation of self-service platforms for developers. It provides templates and guardrails for application deployment.
+
+  * **GitOps automation** : The tool automates many aspects of the GitOps workflow, including pull request generation for updates.
+
+  * **Continuous delivery pipelines** : It integrates with CI/CD systems to create end-to-end delivery pipelines.
+
+  * **Audit and compliance** : Weave DevOps provides a complete audit trail of all changes and actions. It helps you meet compliance requirements through version control and automated processes.
+
+  * **Scalability** : The tool is designed to scale from small projects to large, enterprise-grade deployments.
+
+  * **Team collaboration** : Weave GitOps facilitates collaboration between development and operations teams through Git-based workflows.
+
+  * **GitOps as a service** : This tool offers GitOps as a managed service, which simplifies adoption and management.
+
+  * **Hybrid and multi-cloud support** : Weave GitOps enables consistent management across different cloud providers and on-premises environments.
+
+  * **Continuous security** : The tool integrates security scanning and policy enforcement throughout the deployment process.
+
+
+
@@ -46 +66 @@ The following diagram illustrates a GitOps-driven CD workflow that uses Weave Gi
-![Weave GitOps architecture and workflow on AWS.](/images/prescriptive-guidance/latest/eks-gitops-tools/images/weave-gitops-on-aws.png)
+![Weave GitOps architecture and workflow on AWS.](/images/prescriptive-guidance/latest/eks-gitops-tools/images/guide-img/b6f49161-b2c5-42aa-b1d8-b0781836edb7/images/0eff2686-47f4-422e-92d1-4412bdc9af09.png)