Medium

Ensure that EKS security groups are configured to allow incoming traffic only on TCP port 443

Security & Compliance
Description

Ensuring that Amazon Elastic Kubernetes Service (EKS) security groups are configured to allow incoming traffic only on TCP port 443 means that access to the EKS cluster API server is restricted to HTTPS traffic only. This helps to reduce the risk of unauthorized access to the EKS cluster API server and enhances the overall security posture of the EKS environment.

Remediation

To ensure that EKS security groups are configured to allow incoming traffic only on TCP port 443, organizations should implement the following remediation steps:

  1. Review EKS Security Groups: Review all EKS security groups in the AWS environment to identify any that allow incoming traffic on ports other than TCP port 443.
  2. Update Security Group Rules: Update the security group rules for the relevant security groups to allow incoming traffic only on TCP port 443.
  3. Remove Unused Rules: Remove any unused rules from the security groups to ensure that only necessary access is allowed.
  4. Regularly Audit and Review: Regularly audit and review EKS security groups to ensure that ingress and egress access is restricted and there are no open rules.

Together, these remediation steps help ensure that access to the EKS cluster API server is restricted to HTTPS traffic only, reducing the risk of unauthorized access to the EKS environment and strengthening the overall security posture of the AWS environment.
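The review in steps 1 and 4 can be scripted. The following is an added example, not Lightlytics code: it takes security groups in the shape of the `SecurityGroups` list returned by EC2 `DescribeSecurityGroups` and reports every ingress rule that is not exactly TCP 443, together with the sources it admits. The function names, group IDs and CIDRs are constructed for illustration.

```python
# Added example: flag EKS security group ingress rules that are not TCP 443 only.
# Input uses the shape of the "SecurityGroups" list returned by EC2 DescribeSecurityGroups.
ALLOWED_PORT = 443

def rule_sources(perm):
    """Collect the CIDRs, peer security groups and prefix lists a rule admits."""
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
    return sources

def is_https_only(perm):
    """True only for a TCP rule whose port range is exactly 443-443."""
    # IpProtocol is a name ("tcp") or a protocol number ("6"); "-1" means all protocols.
    return (perm.get("IpProtocol") in ("tcp", "6")
            and perm.get("FromPort") == ALLOWED_PORT
            and perm.get("ToPort") == ALLOWED_PORT)

def audit_ingress(security_groups):
    """Return one finding per ingress rule that allows more than TCP 443."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if is_https_only(perm):
                continue
            findings.append({
                "GroupId": sg["GroupId"],
                "IpProtocol": perm.get("IpProtocol"),
                "FromPort": perm.get("FromPort"),
                "ToPort": perm.get("ToPort"),
                "Sources": rule_sources(perm),
            })
    return findings

# Constructed sample data: one compliant group, one with three non-compliant rules.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0bbb0000000000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0bbb0000000000002"}]}]},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print(finding)
```

A port range that merely contains 443 (such as 0-65535) is reported, as is an all-protocol rule that references another security group, so each finding can be reviewed against step 3 before it is removed.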

Enforced Resources

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.