turbot/aws_perimeter

Control: EKS cluster endpoints should prohibit public access

Description

Ensure that Elastic Kubernetes Service (EKS) endpoints are not publicly accessible.

Usage

Run the control in your terminal:

steampipe check aws_perimeter.control.eks_cluster_endpoint_prohibit_public_access

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_perimeter.control.eks_cluster_endpoint_prohibit_public_access

SQL

select
  arn as resource,
  case
    when resources_vpc_config ->> 'EndpointPublicAccess' = 'true' then 'alarm'
    else 'ok'
  end as status,
  case
    when resources_vpc_config ->> 'EndpointPublicAccess' = 'true' then title || ' endpoint publicly accessible.'
    else title || ' endpoint not publicly accessible.'
  end as reason,
  region,
  account_id
from
  aws_eks_cluster;
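
The control above alarms on every cluster whose public endpoint is enabled. For triage, the following added query (an example written for this page, not part of the aws_perimeter mod) separates endpoints open to any address from those limited to specific CIDR ranges. It assumes resources_vpc_config also exposes the EKS API fields EndpointPrivateAccess and PublicAccessCidrs, and it reports restricted public endpoints with the 'info' status.

```sql
-- Added example; not part of the aws_perimeter mod.
-- Assumption: resources_vpc_config carries the EKS API fields
-- EndpointPrivateAccess and PublicAccessCidrs next to EndpointPublicAccess.
with endpoints as (
  select
    arn,
    title,
    region,
    account_id,
    coalesce((resources_vpc_config ->> 'EndpointPublicAccess')::boolean, false) as public_access,
    coalesce((resources_vpc_config ->> 'EndpointPrivateAccess')::boolean, false) as private_access,
    -- Normalise a missing or JSON-null CIDR list to an empty array.
    case
      when jsonb_typeof(resources_vpc_config -> 'PublicAccessCidrs') = 'array'
        then resources_vpc_config -> 'PublicAccessCidrs'
      else '[]'::jsonb
    end as public_cidrs
  from
    aws_eks_cluster
)
select
  arn as resource,
  case
    when not public_access then 'ok'
    -- An empty list is treated as unrestricted rather than assumed safe.
    when public_cidrs @> '["0.0.0.0/0"]'::jsonb or public_cidrs = '[]'::jsonb then 'alarm'
    else 'info'
  end as status,
  case
    when not public_access then title || ' endpoint not publicly accessible.'
    when public_cidrs @> '["0.0.0.0/0"]'::jsonb or public_cidrs = '[]'::jsonb
      then title || ' endpoint publicly accessible without a CIDR restriction.'
    else title || ' endpoint publicly accessible from ' || (
      select string_agg(c, ', ') from jsonb_array_elements_text(public_cidrs) as t(c)
    ) || '.'
  end as reason,
  private_access,
  region,
  account_id
from
  endpoints;
```

A row with private_access = false and a public endpoint means all API server traffic, including traffic from nodes, uses the public endpoint, so enable private access before disabling public access on that cluster.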