01 - EKS Inbound Traffic Port 443

Ensure EKS Cluster only allows inbound connectivity on port 443

For all inbound communication to your EKS cluster, this should be limited to only allow traffic on port 443 to ensure SSL encryption. For this reason it is considered a security best practice to not only allow inbound access on this port. Ensuring that it is restricted will help you with PCI-DSS Compliance.

Audit & Remediation

Login into your AWS account
Navigate to the ECS service at: https://console.aws.amazon.com/ecs
On the left hand panel select Clusters under Amazon EKS.

Select the EKS cluster in order to go into the Cluster configuration page.
Select the Networking tab and select the hyperlink for Cluster security group.

This will open a new browser tab taking you directly to the Security group.
Select the Security group that has been filtered,
Select the Inbound rules tab and validate if Port range has anything other than 443 listed.

Select Edit inbound rules and change the security group to only allow inbound on port 443.

Repeat the outlined steps for each region that you have ECR repositories in.
Repeat the outlined steps for each AWS account that you have.

See all of your AWS EC2 Instances in a single place!

Do you want to see all of your AWS EC2 Instances in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.