Skip to main content

💼 [EKS.1] EKS cluster endpoints should not be publicly accessible

  • Contextual name: 💼 [EKS.1] EKS cluster endpoints should not be publicly accessible
  • ID: /frameworks/aws-fsbp-v1.0.0/eks/01
  • Located in: 💼 Elastic Kubernetes Service (EKS)

Description​

When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster. By default, this API server endpoint is publicly available to the internet. Access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes Role Based Access Control (RBAC). By removing public access to the endpoint, you can avoid unintentional exposure and access to your cluster.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement15537
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control14
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement326889
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3746
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege102349
💼 NIST SP 800-53 Revision 5 → 💼 AC-21 Information Sharing28
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection29450
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(3) Boundary Protection _ Access Points8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services28
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic14
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic22
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components23
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components22
💼 PCI DSS v4.0.1 → 💼 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.6

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags