Implicit SSH for AWS EKS node group (severity: High)

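Implicit SSH access from 0.0.0.0/0 is detected for an AWS EKS node group. When the `remote_access` block sets `ec2_ssh_key` but omits `source_security_group_ids`, port 22 on the worker nodes is opened to the internet (0.0.0.0/0). Make sure the node group does not have implicit SSH access from 0.0.0.0/0 by setting `source_security_group_ids`.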

Detector ID
terraform/implicit-eks-ssh-access-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

resource "aws_eks_node_group" "private-node-group-1-tf" {
  cluster_name    = aws_eks_cluster.eks-tf.name
  node_group_name = format("%s-private-ng-1-%s", local.project_prefix, local.build_suffix)
  node_role_arn   = aws_iam_role.workernodes.arn
  subnet_ids      = [for i in aws_subnet.eks-internal : i.id]
  instance_types  = ["t3.small"]
  # Noncompliant: `source_security_group_ids` is not mentioned.
  remote_access {
    ec2_ssh_key = "some-key"
  }
  scaling_config {
    desired_size = 0
    max_size     = 0
    min_size     = 0
  }
}

Compliant example

resource "aws_eks_node_group" "private-node-group-1-tf" {
  cluster_name    = aws_eks_cluster.eks-tf.name
  node_group_name = format("%s-private-ng-1-%s", local.project_prefix, local.build_suffix)
  node_role_arn   = aws_iam_role.workernodes.arn
  subnet_ids      = [for i in aws_subnet.eks-internal : i.id]
  instance_types  = ["t3.small"]
  # Compliant: `source_security_group_ids` is set here (it takes a list of security group IDs).
  remote_access {
    ec2_ssh_key               = "some-key"
    source_security_group_ids = ["some-group"]
  }
  scaling_config {
    desired_size = 0
    max_size     = 0
    min_size     = 0
  }
}
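
The same rule can be checked in CI against a Terraform plan instead of the source file. The following is an added example, not the detector's own code; it assumes the plan was exported with `terraform show -json`, and the function name, resource addresses and sample values are constructed for illustration.

```python
# Constructed sample shaped like the "resource_changes" list printed by
# `terraform show -json <planfile>`; addresses and values are made up.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_eks_node_group.open", "type": "aws_eks_node_group",
     "change": {"after": {"remote_access": [{"ec2_ssh_key": "some-key",
                                             "source_security_group_ids": None}]},
                "after_unknown": {"remote_access": [{}]}}},
    {"address": "aws_eks_node_group.restricted", "type": "aws_eks_node_group",
     "change": {"after": {"remote_access": [{"ec2_ssh_key": "some-key",
                                             "source_security_group_ids": ["sg-constructed"]}]},
                "after_unknown": {"remote_access": [{}]}}},
    # Security group is created in the same plan, so its ID is unknown until apply.
    {"address": "aws_eks_node_group.pending_sg", "type": "aws_eks_node_group",
     "change": {"after": {"remote_access": [{"ec2_ssh_key": "some-key"}]},
                "after_unknown": {"remote_access": [{"source_security_group_ids": True}]}}},
    {"address": "aws_eks_node_group.no_ssh", "type": "aws_eks_node_group",
     "change": {"after": {"remote_access": []}, "after_unknown": {}}},
    {"address": "aws_eks_node_group.removed", "type": "aws_eks_node_group",
     "change": {"after": None, "after_unknown": {}}},
]}


def implicit_ssh_node_groups(plan):
    """Return addresses of EKS node groups whose remote_access block sets
    ec2_ssh_key without any source_security_group_ids."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_eks_node_group":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}        # None when the resource is destroyed
        unknown = change.get("after_unknown") or {}
        blocks = after.get("remote_access") or []
        unk_blocks = unknown.get("remote_access")
        if not isinstance(unk_blocks, list):
            unk_blocks = []
        for i, block in enumerate(blocks):
            unk = unk_blocks[i] if i < len(unk_blocks) and isinstance(unk_blocks[i], dict) else {}
            has_key = block.get("ec2_ssh_key") or unk.get("ec2_ssh_key")
            # A value that is only known after apply counts as "set", not as missing.
            has_sg = block.get("source_security_group_ids") or unk.get("source_security_group_ids")
            if has_key and not has_sg:
                flagged.append(rc["address"])
    return flagged


if __name__ == "__main__":
    for address in implicit_ssh_node_groups(SAMPLE_PLAN):
        print(f"{address}: ec2_ssh_key set without source_security_group_ids")
```

Reading `after_unknown` alongside `after` avoids false positives when the referenced security group is created in the same plan and its ID is not yet known.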