EKS clusters should have public access disabled
Explanation
EKS clusters are publicly accessible by default. Disable this explicitly by setting endpoint_public_access = false in the vpc_config block of the aws_eks_cluster resource.
Insecure Example
The following example will fail the AWS069 check.
resource "aws_eks_cluster" "bad_example" {
  // other config
  name     = "bad_example_cluster"
  role_arn = var.cluster_arn

  vpc_config {
    endpoint_public_access = true
  }
}
Secure Example
The following example will pass the AWS069 check.
resource "aws_eks_cluster" "good_example" {
  // other config
  name     = "good_example_cluster"
  role_arn = var.cluster_arn

  vpc_config {
    endpoint_public_access = false
    public_access_cidrs    = ["10.2.0.0/8"]
  }
}