EKS clusters should have public access disabled
EKS clusters are publicly accessible by default; this should be explicitly disabled in the vpc_config of the EKS cluster resource.
Impact
EKS can be accessed from the internet
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Don’t enable public access to EKS Clusters
resource "aws_eks_cluster" "good_example" {
  // other config
  name     = "good_example_cluster"
  role_arn = var.cluster_arn

  vpc_config {
    endpoint_public_access = false
  }
}
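
A CI check for this rule, as an added example that is not part of the original page or of any scanner's code: it reads Terraform plan JSON (the output of `terraform show -json`) and reports every aws_eks_cluster whose vpc_config does not explicitly set endpoint_public_access to false. The sample plan and the function name public_eks_clusters are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_eks_cluster.good_example", "type": "aws_eks_cluster",
     "change": {"actions": ["create"],
                "after": {"vpc_config": [{"endpoint_public_access": false}]}}},
    {"address": "aws_eks_cluster.explicit_public", "type": "aws_eks_cluster",
     "change": {"actions": ["update"],
                "after": {"vpc_config": [{"endpoint_public_access": true}]}}},
    {"address": "aws_eks_cluster.unset", "type": "aws_eks_cluster",
     "change": {"actions": ["create"], "after": {"vpc_config": [{}]}}},
    {"address": "aws_eks_cluster.retired", "type": "aws_eks_cluster",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {}}}
  ]
}
""")


def public_eks_clusters(plan):
    """Return addresses of planned EKS clusters whose endpoint stays public."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_eks_cluster":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed; nothing left to expose
            continue
        blocks = after.get("vpc_config") or [{}]
        # Public access is the default, so only an explicit false passes.
        if any(b.get("endpoint_public_access") is not False for b in blocks):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in public_eks_clusters(SAMPLE_PLAN):
        print(f"FAIL {address}: endpoint_public_access is not false")
```

A missing or unknown value is reported the same way as an explicit true, because the cluster is public unless the setting is turned off.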