AWS069.md

Pattern: EKS Clusters should have the public access disabled

Issue: -

Description

EKS clusters are publicly accessible by default. Public access should be explicitly disabled in the vpc_config block of the EKS cluster resource.

Resolution: Don't enable public access to EKS Clusters.

Examples

Example of incorrect code:

resource "aws_eks_cluster" "bad_example" {
    // other config

    name     = "bad_example_cluster"
    role_arn = var.cluster_arn
    vpc_config {
        endpoint_public_access = true
        public_access_cidrs    = ["0.0.0.0/0"]
    }
}

Example of correct code:

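resource "aws_eks_cluster" "good_example" {
    // other config

    name     = "good_example_cluster"
    role_arn = var.cluster_arn
    vpc_config {
        endpoint_public_access  = false
        // keep the private endpoint on so the API server stays reachable from inside the VPC
        endpoint_private_access = true
    }
}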
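
One way to enforce this pattern before apply, as an added example that is not part of the original page or the scanner's own code: a Python check over the JSON that `terraform show -json` prints for a saved plan, listing every aws_eks_cluster whose endpoint_public_access is not explicitly false, including clusters inside child modules. The sample plan and the module name `apps` are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_eks_cluster.bad_example", "type": "aws_eks_cluster",
             "values": {"vpc_config": [{"endpoint_public_access": True,
                                        "public_access_cidrs": ["0.0.0.0/0"]}]}},
            {"address": "aws_eks_cluster.good_example", "type": "aws_eks_cluster",
             "values": {"vpc_config": [{"endpoint_public_access": False}]}},
        ],
        "child_modules": [{"resources": [
            # vpc_config present but the attribute left unset
            {"address": "module.apps.aws_eks_cluster.unset", "type": "aws_eks_cluster",
             "values": {"vpc_config": [{}]}},
        ]}],
    }},
}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def public_eks_clusters(plan):
    """Return (address, cidrs) for each EKS cluster that is not explicitly private."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_eks_cluster":
            continue
        for cfg in (res.get("values") or {}).get("vpc_config") or [{}]:
            # Unset or unknown counts as public, matching the default described above.
            if cfg.get("endpoint_public_access", True) is not False:
                # cidrs is empty when unset or not known until apply
                findings.append((res["address"], cfg.get("public_access_cidrs") or []))
    return findings


if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run against the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = public_eks_clusters(plan)
    for address, cidrs in hits:
        print(f"{address}: public endpoint enabled, cidrs={cidrs or 'default/unknown'}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets a CI step fail the plan stage.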