// the find
awslabs/crossplane-on-eks
Crossplane bespoke composition blueprints for AWS resources
A collection of Crossplane compositions and bootstrapping scripts for managing AWS resources on EKS. Targets platform engineering teams who want to expose opinionated AWS infrastructure APIs to application developers via Kubernetes CRDs instead of Terraform or direct AWS console access. Covers a wide surface area: VPC, RDS, DynamoDB, S3, Lambda, EKS, Kinesis, and more.
The composition library covers both the legacy crossplane/provider-aws and the newer upbound/provider-aws (upjet-based), so you can evaluate both without starting from scratch. The nested composition pattern and IRSA setup are well-documented with working examples, not just stubs. The Gatekeeper integration for policy enforcement (e.g., preventing duplicate S3 buckets) shows someone thought about day-2 governance, not just provisioning. Bootstrap options via both Terraform and eksctl give you a real choice rather than forcing one path.
The repo is explicitly pre-production, and it shows. The last push was February 2026, but the crossplane/provider-aws compositions still reference the old (now deprecated) provider that Upbound has been sunsetting in favor of upjet-based providers, so half the composition library may be on borrowed time. There are no versioning or release tags; you're pinning to main or nothing. The patching model in Crossplane is genuinely painful and the patching-101 doc helps, but there's no guidance on testing compositions locally before pushing to a cluster, which makes iteration slow. Secrets handling relies on either Vault or Kubernetes Secrets, with no first-class AWS Secrets Manager path, which is an odd gap for an AWS-focused repo.