Vendor services misconfigurations

EKS Cluster with enabled Public Endpoint or disabled Private Endpoint

Platform(s)
Compliance Frameworks

CCPA, CPRA, EKS CIS, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, UK Cyber Essentials

Description

In a private cluster, the master node has two endpoints, a private and public endpoint. The private endpoint is the internal IP address of the master, behind an internal load balancer in the master's VPC network. Nodes communicate with the master using the private endpoint. The public endpoint enables the Kubernetes API to be accessed from outside the master's VPC network. Orca has detected that the EKS Cluster {AwsEksCluster} has its Private Endpoint disabled or its Public Access enabled
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo