Severity: CRITICAL
Source: Trivy/CSPM
CSPM ID: eks-private-endpoint
ID: AVD-AWS-0040

EKS Clusters should have the public access disabled

EKS clusters are publicly available by default. Public access should be explicitly disabled in the vpc_config block of the EKS cluster resource.

Impact

EKS can be accessed from the internet

Follow the appropriate remediation steps below to resolve the issue.

Don’t enable public access to EKS Clusters

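resource "aws_eks_cluster" "good_example" {
  // other config

  name     = "good_example_cluster"
  role_arn = var.cluster_arn
  vpc_config {
    // Disable the public API server endpoint
    endpoint_public_access = false
    // EKS requires at least one endpoint type to stay enabled, so turn on
    // private access when public access is disabled
    endpoint_private_access = true
  }
}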