Vendor services misconfigurations

EKS Cluster with enabled Public Endpoint or disabled Private Endpoint

Platform(s)
Compliance Frameworks
  • CCPA
  • CPRA
  • EKS CIS
  • HITRUST
  • ISO 27701
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • NIST 800-171
  • NIST 800-190
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

In a private cluster, the master node has two endpoints: a private endpoint and a public endpoint. The private endpoint is the internal IP address of the master, behind an internal load balancer in the master's VPC network. Nodes communicate with the master using the private endpoint. The public endpoint enables the Kubernetes API to be accessed from outside the master's VPC network. Orca has detected that the EKS Cluster {AwsEksCluster} has its Private Endpoint disabled or its Public Access enabled.
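The condition described above can be checked against the output of `aws eks describe-cluster`. The following is an added example, not Orca's detection logic: it evaluates the `resourcesVpcConfig` fields `endpointPublicAccess`, `endpointPrivateAccess` and `publicAccessCidrs`, and goes slightly beyond the description by reporting which CIDRs can reach an enabled public endpoint. The sample clusters, the function names and the fail-closed handling of missing fields are assumptions made for the example.

```python
import ipaddress
import json

# Constructed sample data shaped like `aws eks describe-cluster` output,
# trimmed to the fields read below. Cluster names and CIDRs are made up.
SAMPLES = json.loads("""
[
  {"cluster": {"name": "demo-public-only", "resourcesVpcConfig": {
      "endpointPublicAccess": true, "endpointPrivateAccess": false,
      "publicAccessCidrs": ["0.0.0.0/0"]}}},
  {"cluster": {"name": "demo-both", "resourcesVpcConfig": {
      "endpointPublicAccess": true, "endpointPrivateAccess": true,
      "publicAccessCidrs": ["203.0.113.0/24"]}}},
  {"cluster": {"name": "demo-private-only", "resourcesVpcConfig": {
      "endpointPublicAccess": false, "endpointPrivateAccess": true,
      "publicAccessCidrs": []}}}
]
""")


def check_endpoint_access(describe_output):
    """Return (cluster_name, findings); an empty list means the cluster passes."""
    cluster = describe_output["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    # Assumption: a missing field is treated as the non-compliant value (fail closed).
    public = vpc.get("endpointPublicAccess", True)
    private = vpc.get("endpointPrivateAccess", False)
    findings = []
    if not private:
        findings.append("private endpoint disabled")
    if public:
        # Assumption: no CIDR list on a public endpoint is reported as unrestricted.
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        wide = [c for c in cidrs
                if ipaddress.ip_network(c, strict=False).prefixlen == 0]
        scope = "any address" if wide else ", ".join(cidrs)
        findings.append(f"public endpoint enabled (reachable from {scope})")
    return cluster.get("name", "<unnamed>"), findings


def audit(outputs):
    """Map each cluster name to its list of findings."""
    return dict(check_endpoint_access(o) for o in outputs)


if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        print(f"{name}: {'FAIL - ' + '; '.join(findings) if findings else 'PASS'}")
```

Only a cluster with the private endpoint enabled and public access disabled passes; a cluster with both endpoints enabled still fails, with the allowed CIDRs listed for review.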