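Implicit SSH access from 0.0.0.0/0 is detected for an AWS EKS node group. The access is implicit because no ingress rule is written: when `remote_access` sets `ec2_ssh_key` without `source_security_group_ids`, EKS opens the SSH port on the worker nodes to 0.0.0.0/0. Make sure that the AWS EKS node group doesn't have implicit SSH access from 0.0.0.0/0.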
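# Noncompliant example, kept deliberately insecure to show what the rule flags.
# `remote_access` sets `ec2_ssh_key` but omits `source_security_group_ids`.
# With that combination EKS opens port 22 on the worker nodes (3389 on Windows
# nodes) to 0.0.0.0/0, although no ingress rule appears anywhere in this file.
resource "aws_eks_node_group" "private-node-group-1-tf" {
  cluster_name    = aws_eks_cluster.eks-tf.name
  node_group_name = format("%s-private-ng-1-%s", local.project_prefix, local.build_suffix)
  node_role_arn   = aws_iam_role.workernodes.arn
  subnet_ids      = [for i in aws_subnet.eks-internal : i.id]
  instance_types  = ["t3.small"]

  # Noncompliant: `source_security_group_ids` is not mentioned.
  remote_access {
    ec2_ssh_key = "some-key"
  }

  scaling_config {
    desired_size = 0
    max_size     = 0
    min_size     = 0
  }
}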
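# Compliant example: SSH to the worker nodes is limited to members of the
# security groups listed in `source_security_group_ids`, so EKS does not fall
# back to opening the SSH port to 0.0.0.0/0.
resource "aws_eks_node_group" "private-node-group-1-tf" {
  cluster_name    = aws_eks_cluster.eks-tf.name
  node_group_name = format("%s-private-ng-1-%s", local.project_prefix, local.build_suffix)
  node_role_arn   = aws_iam_role.workernodes.arn
  subnet_ids      = [for i in aws_subnet.eks-internal : i.id]
  instance_types  = ["t3.small"]

  # Compliant: `source_security_group_ids` is mentioned in here.
  remote_access {
    ec2_ssh_key = "some-key"
    # The attribute takes a set of EC2 security group IDs, so it is written as
    # a list. "some-group" is a placeholder for a real security group ID.
    # The listed groups should themselves be narrowly scoped (for example a
    # bastion or admin group), otherwise the restriction adds little.
    source_security_group_ids = ["some-group"]
  }

  # If SSH to the nodes is not needed at all, omitting `remote_access`
  # entirely also avoids the implicit 0.0.0.0/0 rule.

  scaling_config {
    desired_size = 0
    max_size     = 0
    min_size     = 0
  }
}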