Network misconfigurations

Default VPC is being used to launch an EKS cluster

Platform(s)
Compliance Frameworks

CCPA, cis_8, CPRA, HITRUST, iso_27001_2022, iso_27002_2022, K8s OWASP Top 10, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-190, NIST 800-53, PDPA

Description

A default VPC is automatically created when you first provision related resources and is suitable for a quick start. The default VPC is used when an instance is launched without a particular subnet. It was found that the default VPC is being used for launching your EKS cluster {AwsEksCluster}. The default VPC comes with a default configuration that lacks the proper security controls. Your network should be well configured and follow the least privilege principle, meaning only the necessary privileges are granted. Therefore, the default VPC will not suit your needs.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo