Vendor services misconfigurations

EKS Cluster with enabled Public Endpoint or disabled Private Endpoint

Risk Level

Informational (4)



In a private cluster, the master node has two endpoints: a private endpoint and a public endpoint. The private endpoint is the internal IP address of the master, behind an internal load balancer in the master's VPC network. Nodes communicate with the master using the private endpoint. The public endpoint enables the Kubernetes API to be accessed from outside the master's VPC network. Orca has detected that the EKS Cluster {AwsEksCluster} has its Private Endpoint disabled or its Public Access enabled.
  • Recommended Mitigation

    Disable access to the Kubernetes API from outside the node network if it is not required.
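
    One way to check for this condition and build the matching fix, as an added example (not Orca's detection logic). It assumes the JSON shape returned by `aws eks describe-cluster`; the cluster names and sample responses are constructed.

```python
import json

# Constructed sample data: trimmed `aws eks describe-cluster` responses.
SAMPLE_CLUSTERS = json.loads("""
[
  {"cluster": {"name": "example-public-only",
               "resourcesVpcConfig": {"endpointPublicAccess": true,
                                      "endpointPrivateAccess": false,
                                      "publicAccessCidrs": ["0.0.0.0/0"]}}},
  {"cluster": {"name": "example-public-and-private",
               "resourcesVpcConfig": {"endpointPublicAccess": true,
                                      "endpointPrivateAccess": true,
                                      "publicAccessCidrs": ["203.0.113.0/24"]}}},
  {"cluster": {"name": "example-private-only",
               "resourcesVpcConfig": {"endpointPublicAccess": false,
                                      "endpointPrivateAccess": true}}}
]
""")


def endpoint_findings(response):
    """Return the reasons a cluster matches this alert (empty list = compliant)."""
    cfg = response["cluster"].get("resourcesVpcConfig", {})
    reasons = []
    # Fail closed: a missing field is treated as the unsafe value.
    if cfg.get("endpointPublicAccess", True):
        cidrs = cfg.get("publicAccessCidrs") or ["unknown"]
        reasons.append("public endpoint enabled (allowed CIDRs: %s)" % ", ".join(cidrs))
    if not cfg.get("endpointPrivateAccess", False):
        reasons.append("private endpoint disabled")
    return reasons


def remediation_command(response):
    """Build the AWS CLI call for the recommended mitigation, or None if compliant."""
    if not endpoint_findings(response):
        return None
    return ["aws", "eks", "update-cluster-config",
            "--name", response["cluster"]["name"],
            "--resources-vpc-config",
            "endpointPublicAccess=false,endpointPrivateAccess=true"]


if __name__ == "__main__":
    for resp in SAMPLE_CLUSTERS:
        name = resp["cluster"]["name"]
        reasons = endpoint_findings(resp)
        print(name, "->", "; ".join(reasons) if reasons else "compliant")
        if reasons:
            print("  fix:", " ".join(remediation_command(resp)))
```

    Once the public endpoint is disabled, `kubectl` and CI/CD access must originate from inside the cluster's VPC or a network connected to it, so confirm that path exists before applying the change.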