Ensure that the security groups associated with your Amazon Elastic Kubernetes Service (EKS) clusters allow inbound traffic only on TCP port 443 (HTTPS), the port on which the Kubernetes API server endpoint listens, in order to reduce the cluster's exposure to malicious activity such as brute-force login attempts and port scanning, and to meet compliance requirements within your organization.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Opening arbitrary ports in your Amazon EKS security groups is not a best practice: it lets attackers use port scanners and other probing techniques to identify the applications and services running on your EKS clusters and exploit their vulnerabilities. A rule that covers a port range which merely includes 443 (for example TCP 0-65535), or that allows all traffic (protocol -1), is just as exposed as an explicitly opened port.
To determine if your AWS EKS security groups allow access on ports other than TCP port 443, perform the following actions:
Remediation / Resolution
To reconfigure the security groups associated with your Amazon EKS clusters in order to allow access only on TCP port 443 (i.e. HTTPS), perform the following actions:
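The audit and the remediation described above can be expressed as a small script. The following is an added example, not Cloud Conformity's own checker: it works on the `IpPermissions` structure that EC2 `DescribeSecurityGroups` returns, flags every inbound rule that is not exactly TCP 443, and groups the offending rules per security group in the shape that `ec2.revoke_security_group_ingress` accepts. The security group IDs, account ID and CIDRs in the sample data are constructed; the `fetch_cluster_security_groups` helper is the only part that needs boto3 and AWS credentials, and it reads the additional groups from `resourcesVpcConfig.securityGroupIds` of `eks.describe_cluster`.

```python
"""Audit EKS security groups for inbound rules other than TCP 443 and plan the revokes.

Added example for this rule page (not Cloud Conformity's checker). The audit
logic runs offline on the constructed sample below; only the fetch helper
talks to AWS.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One inbound rule that is not 'TCP 443 only'."""
    group_id: str
    protocol: str          # "tcp", "udp", "icmp" or "-1" (all traffic)
    from_port: int | None  # None when the protocol is "-1"
    to_port: int | None
    sources: tuple[str, ...]


def is_https_only(perm: dict) -> bool:
    """True only for a rule covering exactly TCP 443.
    A range such as tcp 0-65535 includes 443 but is still non-compliant."""
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == 443
            and perm.get("ToPort") == 443)


def rule_sources(perm: dict) -> tuple[str, ...]:
    """Every source of a rule: IPv4/IPv6 CIDRs, prefix lists, security groups."""
    srcs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    srcs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    srcs += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
    srcs += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return tuple(srcs)


def non_https_ingress(security_groups: list[dict]) -> list[Finding]:
    """Return every inbound rule across the given groups that is not TCP 443."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if is_https_only(perm):
                continue
            findings.append(Finding(sg["GroupId"], perm.get("IpProtocol", "?"),
                                    perm.get("FromPort"), perm.get("ToPort"),
                                    rule_sources(perm)))
    return findings


def revoke_plan(security_groups: list[dict]) -> list[tuple[str, list[dict]]]:
    """Offending IpPermissions per group, ready for
    ec2.revoke_security_group_ingress(GroupId=..., IpPermissions=...).
    The DescribeSecurityGroups output can be passed back to revoke unchanged."""
    plan = []
    for sg in security_groups:
        bad = [p for p in sg.get("IpPermissions", []) if not is_https_only(p)]
        if bad:
            plan.append((sg["GroupId"], bad))
    return plan


def fetch_cluster_security_groups(cluster_name: str, region: str) -> list[dict]:
    """Live lookup: cluster -> additional security group IDs -> their rules.
    Needs boto3 and credentials; not exercised by the offline sample run."""
    import boto3  # imported here so the audit logic above has no AWS dependency
    eks = boto3.client("eks", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    vpc_cfg = eks.describe_cluster(name=cluster_name)["cluster"]["resourcesVpcConfig"]
    group_ids = list(vpc_cfg.get("securityGroupIds", []))
    # clusterSecurityGroupId (the EKS-managed group) is deliberately left out:
    # its self-referencing all-traffic rule carries node/control-plane traffic.
    if not group_ids:
        return []
    return ec2.describe_security_groups(GroupIds=group_ids)["SecurityGroups"]


# Constructed sample in the DescribeSecurityGroups shape; all IDs are made up.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60009", "UserId": "123456789012"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,      # SSH from anywhere
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,    # range that merely includes 443
         "IpRanges": [{"CidrIp": "192.168.1.0/24"}]},
        {"IpProtocol": "-1",                                     # all traffic, self-referencing
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60002", "UserId": "123456789012"}]},
    ]},
]


def main() -> None:
    for f in non_https_ingress(SAMPLE_SECURITY_GROUPS):
        ports = "all" if f.protocol == "-1" else f"{f.from_port}-{f.to_port}"
        print(f"{f.group_id}: {f.protocol} {ports} from {', '.join(f.sources)}")
    for group_id, perms in revoke_plan(SAMPLE_SECURITY_GROUPS):
        print(f"revoke_security_group_ingress(GroupId={group_id!r}, IpPermissions=<{len(perms)} rules>)")


if __name__ == "__main__":
    main()
```

On the sample, the first group is compliant and the second yields three findings (SSH from 0.0.0.0/0, the 0-65535 range, and the all-traffic self-reference), so the plan contains one revoke call for the second group. Before running the revokes against a real cluster, confirm that the worker nodes can still reach the API server on TCP 443 through whatever rule remains, and treat the EKS-created cluster security group separately from the additional groups you attach: EKS relies on its self-referencing rule for traffic between the control plane and the nodes. The check also keeps any TCP 443 rule regardless of its source; narrowing 0.0.0.0/0 on 443 to the node and operator address ranges is a separate hardening step.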
EKS Security Groups
Risk level: Medium