AWS > Eks > No Public Cluster Access To Cidr
Severity: CRITICAL
Source: Trivy/CSPM
CSPM ID: eks-security-groups
ID: AVD-AWS-0041

EKS cluster should not have open CIDR range for public access

EKS clusters have their public access CIDRs set to 0.0.0.0/0 by default, which leaves the cluster API endpoint open to the entire internet. This should be explicitly set to a more specific, private CIDR range.

Impact

The EKS cluster API endpoint can be reached from anywhere on the internet.

Follow the appropriate remediation steps below to resolve the issue.

Don’t enable public access to EKS Clusters

```hcl
resource "aws_eks_cluster" "good_example" {
  // other config

  name     = "good_example_cluster"
  role_arn = var.cluster_arn

  vpc_config {
    // The public endpoint stays enabled, but only the listed CIDR range can reach it.
    endpoint_public_access = true
    public_access_cidrs    = ["10.2.0.0/8"]
  }
}
```
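The following is an added example (not Trivy's own check or code from this page) showing how to evaluate the same condition against the `resourcesVpcConfig` structure returned by the EKS `DescribeCluster` API: a cluster is flagged only when `endpointPublicAccess` is true and `publicAccessCidrs` contains a zero-length prefix such as `0.0.0.0/0`. The `FakeEksClient` class and its three clusters are constructed sample data so the script runs offline; it mimics the `list_clusters` and `describe_cluster` response shapes of the boto3 EKS client, so a real client can be passed in instead. The function and cluster names are my own choices, not identifiers from the page.

```python
"""Flag EKS clusters whose public API endpoint admits 0.0.0.0/0 (AVD-AWS-0041).

Added example, not part of the Trivy/AVD page. Works on the resourcesVpcConfig
dict that the EKS DescribeCluster API returns; FakeEksClient holds constructed
sample data so this runs without AWS credentials.
"""
import ipaddress
from typing import Any


def open_public_cidrs(vpc_config: dict[str, Any]) -> list[str]:
    """Return the entries in publicAccessCidrs that admit the whole internet.

    The CIDR list only matters when endpointPublicAccess is true: AWS keeps
    the default 0.0.0.0/0 entry even on clusters whose public endpoint is
    disabled, and that is not a finding. A zero-length prefix (0.0.0.0/0 or
    ::/0) is an open range; a malformed entry is reported rather than skipped.
    """
    if not vpc_config.get("endpointPublicAccess", False):
        return []
    findings: list[str] = []
    for cidr in vpc_config.get("publicAccessCidrs") or []:
        try:
            network = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(cidr)  # unparsable value: surface it for review
            continue
        if network.prefixlen == 0:
            findings.append(cidr)
    return findings


def audit_clusters(eks_client: Any) -> list[dict[str, Any]]:
    """Walk every cluster the client can see and collect open-CIDR findings.

    eks_client must provide list_clusters() and describe_cluster(name=...)
    with the boto3 EKS response shapes, so either boto3.client("eks") or the
    fake below can be supplied.
    """
    findings: list[dict[str, Any]] = []
    token = None
    while True:
        page = eks_client.list_clusters(**({"nextToken": token} if token else {}))
        for name in page.get("clusters", []):
            cluster = eks_client.describe_cluster(name=name)["cluster"]
            vpc_config = cluster.get("resourcesVpcConfig", {})
            open_cidrs = open_public_cidrs(vpc_config)
            if open_cidrs:
                findings.append({
                    "cluster": name,
                    "open_cidrs": open_cidrs,
                    "private_access": vpc_config.get("endpointPrivateAccess", False),
                })
        token = page.get("nextToken")
        if not token:
            return findings


class FakeEksClient:
    """Constructed stand-in for the boto3 EKS client (sample data, not real clusters)."""

    def __init__(self) -> None:
        self._clusters = {
            # Default configuration: public endpoint open to the internet.
            "wide-open": {"endpointPublicAccess": True,
                          "endpointPrivateAccess": False,
                          "publicAccessCidrs": ["0.0.0.0/0"]},
            # Public endpoint kept, but limited to one documentation range.
            "restricted": {"endpointPublicAccess": True,
                           "endpointPrivateAccess": True,
                           "publicAccessCidrs": ["203.0.113.0/24"]},
            # Public endpoint disabled; the leftover 0.0.0.0/0 is harmless.
            "private-only": {"endpointPublicAccess": False,
                             "endpointPrivateAccess": True,
                             "publicAccessCidrs": ["0.0.0.0/0"]},
        }

    def list_clusters(self, **kwargs: Any) -> dict[str, Any]:
        return {"clusters": list(self._clusters)}

    def describe_cluster(self, name: str) -> dict[str, Any]:
        return {"cluster": {"name": name,
                            "resourcesVpcConfig": self._clusters[name]}}


if __name__ == "__main__":
    # Replace FakeEksClient() with boto3.client("eks", region_name="...") to audit an account.
    for finding in audit_clusters(FakeEksClient()):
        print(f"AVD-AWS-0041 {finding['cluster']}: public endpoint open to "
              f"{finding['open_cidrs']} (private access: {finding['private_access']})")
```

Only `wide-open` is reported: `restricted` has a scoped CIDR, and `private-only` never exposes the endpoint despite its default CIDR list. The `private_access` field is carried along because a flagged cluster with private access already enabled can usually have its public endpoint removed outright, whereas one without it needs the CIDR list narrowed first.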