Overly permissive access is granted by the AWS EKS cluster security group to all traffic. Make sure that AWS EKS cluster security group is configured to prevent Overly permissive to all traffic.
1resource "aws_eks_cluster" "test" {
2 name = "test"
3 role_arn = aws_iam_role.eksrole.arn
4 vpc_config {
5 subnet_ids = [aws_subnet.subnet1.id]
6 # Noncompliant: `endpoint_public_access` is set to True.
7 endpoint_public_access = True
8 }
9}
1resource "aws_eks_cluster" "test" {
2 name = "test"
3 role_arn = aws_iam_role.eksrole.arn
4 vpc_config {
5 subnet_ids = [aws_subnet.subnet1.id]
6 # Compliant: `endpoint_public_access` is set to False.
7 endpoint_public_access = False
8 }
9 encryption_config {
10 resources = ["secrets"]
11 }
12 enabled_cluster_log_types = [
13 "api",
14 "audit",
15 "authenticator",
16 "controllerManager",
17 "scheduler"
18 ]
19}