Ensure EKS Cluster does not allow access to kubectl from the internet

Kubectl is the primary way of gaining access to and making administrative changes to your EKS cluster. For this reason it is considered a security best practice not to allow access to it from the internet. Ensuring this access is restricted will help you with PCI-DSS, HIPAA and GDPR compliance.

Audit & Remediation

  • Select the EKS cluster in order to go into the Cluster configuration page.
  • Select the Networking tab and check whether the API server endpoint access is currently set to Public and the Public access source whitelist is set to 0.0.0.0/0.
  • Select the Manage networking button.
  • Select Private. The cluster endpoint is then only accessible through your VPC, and worker node traffic to the endpoint stays within your VPC.
  • Repeat the outlined steps for each region that you have EKS clusters in.
  • Repeat the outlined steps for each AWS account that you have.
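The console steps above can be repeated per cluster, region and account with a script. The following is an added example, not code from the original page or from AWS: it classifies the `resourcesVpcConfig` object that `aws eks describe-cluster` (boto3 `describe_cluster`) returns, flags clusters whose public endpoint is open to 0.0.0.0/0 (or ::/0), and prints the CLI equivalent of the "Manage networking, Private" console change. The cluster records in `SAMPLE_CLUSTERS` are constructed sample data shaped like that API output; `fetch_clusters` is the optional live collector and assumes boto3 and AWS credentials are available.

```python
"""Audit EKS API-server endpoint exposure and emit the remediation command.

Input shape (assumed from `aws eks describe-cluster`): the resourcesVpcConfig
object with endpointPublicAccess, endpointPrivateAccess and publicAccessCidrs.
"""
import json
from ipaddress import ip_network


def _is_unrestricted(cidr: str) -> bool:
    """True for a /0 in either address family (0.0.0.0/0, ::/0)."""
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        # An entry we cannot parse is reported as unrestricted so the audit fails closed.
        return True


def evaluate_endpoint_access(vpc_config: dict) -> dict:
    """Classify one cluster's endpoint exposure.

    FAIL  - public endpoint reachable from any internet address
    WARN  - public endpoint enabled but limited to the listed CIDRs
    PASS  - public endpoint disabled, private endpoint enabled
    """
    public = bool(vpc_config.get("endpointPublicAccess", False))
    private = bool(vpc_config.get("endpointPrivateAccess", False))
    cidrs = vpc_config.get("publicAccessCidrs") or []

    if public:
        wide_open = [c for c in cidrs if _is_unrestricted(c)]
        if wide_open or not cidrs:  # an empty list means no restriction was recorded
            return {"status": "FAIL", "reason": "public endpoint open to the internet"}
        return {"status": "WARN", "reason": "public endpoint restricted to " + ", ".join(cidrs)}
    if private:
        return {"status": "PASS", "reason": "private endpoint only"}
    return {"status": "FAIL", "reason": "no endpoint enabled (unexpected configuration)"}


def remediation_command(cluster_name: str, region: str) -> str:
    """AWS CLI equivalent of choosing Private under Manage networking in the console."""
    return (
        f"aws eks update-cluster-config --region {region} --name {cluster_name} "
        "--resources-vpc-config endpointPublicAccess=false,endpointPrivateAccess=true"
    )


# Constructed sample data; the names and regions are placeholders, not real clusters.
SAMPLE_CLUSTERS = [
    {"name": "prod-eks", "region": "us-east-1",
     "resourcesVpcConfig": {"endpointPublicAccess": True, "endpointPrivateAccess": False,
                            "publicAccessCidrs": ["0.0.0.0/0"]}},
    {"name": "ci-eks", "region": "eu-west-1",
     "resourcesVpcConfig": {"endpointPublicAccess": True, "endpointPrivateAccess": True,
                            "publicAccessCidrs": ["203.0.113.0/24"]}},
    {"name": "internal-eks", "region": "us-east-1",
     "resourcesVpcConfig": {"endpointPublicAccess": False, "endpointPrivateAccess": True,
                            "publicAccessCidrs": []}},
]


def audit(clusters: list) -> list:
    """Evaluate every cluster record and attach a fix command to non-PASS findings."""
    findings = []
    for c in clusters:
        result = evaluate_endpoint_access(c["resourcesVpcConfig"])
        finding = {"cluster": c["name"], "region": c["region"], **result}
        if result["status"] != "PASS":
            finding["fix"] = remediation_command(c["name"], c["region"])
        findings.append(finding)
    return findings


def fetch_clusters(regions) -> list:
    """Live collection for the 'repeat for each region' step (assumes boto3 and credentials)."""
    import boto3  # imported lazily so the sample audit runs without boto3 installed

    clusters = []
    for region in regions:
        eks = boto3.client("eks", region_name=region)
        for page in eks.get_paginator("list_clusters").paginate():
            for name in page["clusters"]:
                cfg = eks.describe_cluster(name=name)["cluster"]["resourcesVpcConfig"]
                clusters.append({"name": name, "region": region, "resourcesVpcConfig": cfg})
    return clusters


if __name__ == "__main__":
    for finding in audit(SAMPLE_CLUSTERS):
        print(json.dumps(finding))
```

Run it once per AWS account (with that account's credentials) to cover the last step. Before applying the fix command, make sure operators have a path into the VPC (a bastion host, VPN or Direct Connect), because once the endpoint is private kubectl only works from inside the VPC, exactly as the console note describes.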