turbot/aws_perimeter

Control: EKS cluster endpoints should prohibit public access

Description

Ensure that Elastic Kubernetes Service (EKS) endpoints are not publicly accessible.

Usage

Run the control in your terminal:

powerpipe control run aws_perimeter.control.eks_cluster_endpoint_prohibit_public_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_perimeter.control.eks_cluster_endpoint_prohibit_public_access --share

Steampipe Tables

SQL

select
  arn as resource,
  case
    when resources_vpc_config ->> 'EndpointPublicAccess' = 'true' then 'alarm'
    else 'ok'
  end as status,
  case
    when resources_vpc_config ->> 'EndpointPublicAccess' = 'true' then title || ' endpoint publicly accessible.'
    else title || ' endpoint not publicly accessible.'
  end as reason,
  region,
  account_id
from
  aws_eks_cluster;
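
Triage query for clusters the control puts in alarm, added here as an example and not part of the aws_perimeter mod: it lists the allowed public CIDRs and whether the private endpoint is already enabled, which determines how to turn public access off safely. It assumes resources_vpc_config also carries the keys 'EndpointPrivateAccess' and 'PublicAccessCidrs', named in the same style as the 'EndpointPublicAccess' key used by the control query above; the exposure and remediation_note columns are illustrative names.

```sql
-- Added example, not the mod's own query.
-- Assumption: resources_vpc_config holds 'EndpointPrivateAccess' and
-- 'PublicAccessCidrs' alongside 'EndpointPublicAccess'.
with endpoint as (
  select
    arn,
    title,
    region,
    account_id,
    -- A missing key is treated as false, matching the control's 'ok' default.
    coalesce((resources_vpc_config ->> 'EndpointPublicAccess')::boolean, false) as public_access,
    coalesce((resources_vpc_config ->> 'EndpointPrivateAccess')::boolean, false) as private_access,
    resources_vpc_config -> 'PublicAccessCidrs' as public_cidrs
  from
    aws_eks_cluster
)
select
  arn as resource,
  title,
  public_cidrs,
  case
    -- 0.0.0.0/0 in the allow list means any IPv4 source can reach the API endpoint.
    when public_cidrs @> '["0.0.0.0/0"]'::jsonb then 'open to any IPv4 address'
    when jsonb_typeof(public_cidrs) = 'array' and public_cidrs <> '[]'::jsonb
      then 'restricted to listed CIDRs'
    -- Null or empty list: the restriction cannot be confirmed from this row.
    else 'CIDR list unavailable, treat as open'
  end as exposure,
  private_access,
  case
    when private_access then 'private endpoint enabled, public access can be disabled'
    else 'private endpoint disabled, enable it when disabling public access'
  end as remediation_note,
  region,
  account_id
from
  endpoint
where
  public_access
order by
  -- Unrestricted endpoints first, then clusters without a private endpoint.
  (public_cidrs @> '["0.0.0.0/0"]'::jsonb) desc nulls first,
  private_access,
  arn;
```

Every row returned still fails the control; the extra columns only rank the findings and show what has to change before public access is switched off.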
