Critical

Ensure EKS Public access is restricted to specific sources

Security & Compliance
Description

Ensure EKS (Elastic Kubernetes Service) Public access is restricted to specific sources means that the Kubernetes API server endpoint exposed by the EKS cluster should be accessible only from specific IP addresses or networks, and not publicly exposed to the internet or accessible from any source. This helps in preventing unauthorized access to the EKS cluster API server and ensures that only trusted sources are allowed to connect to the cluster. It is an important security measure to protect the EKS cluster from potential attacks or unauthorized access.‍

Remediation

To ensure EKS public access is restricted to specific sources, you can follow these remediation steps:

  1. Update the EKS cluster security group to only allow traffic from trusted sources by specifying the source IP address range or CIDR blocks.
  2. If you have an internet-facing load balancer in front of the EKS cluster, configure the load balancer security group to only allow traffic from trusted sources.
  3. Create a network access control list (NACL) for the EKS subnet that only allows traffic from trusted sources.
  4. Configure Kubernetes Network Policies to restrict traffic to only allow traffic from trusted sources.
  5. Configure AWS WAF (Web Application Firewall) to block traffic from known malicious IP addresses or common attacks.
  6. Enable AWS CloudTrail to monitor and log all API activity in your AWS account, including changes to EKS resources.
  7. Monitor your EKS cluster for any unauthorized access or suspicious activity using AWS CloudWatch Logs, AWS CloudTrail, or other monitoring tools.

By implementing these steps, you can ensure that your EKS cluster is only accessible from trusted sources and reduce the risk of unauthorized access or data breaches.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.