AWS069 - EKS Clusters should have the public access disabled

Explanation

EKS clusters are publicly available by default. Public access should be explicitly disabled by setting endpoint_public_access to false in the vpc_config block of the EKS cluster resource.

Insecure Example

The following example will fail the AWS069 check.

resource "aws_eks_cluster" "bad_example" {
    // other config

    name     = "bad_example_cluster"
    role_arn = var.cluster_arn
    vpc_config {
        // public endpoint explicitly enabled: fails AWS069
        endpoint_public_access = true
    }
}

Secure Example

The following example will pass the AWS069 check.

resource "aws_eks_cluster" "good_example" {
    // other config

    name     = "good_example_cluster"
    role_arn = var.cluster_arn
    vpc_config {
        // public endpoint explicitly disabled: passes AWS069
        endpoint_public_access = false
        public_access_cidrs    = ["10.2.0.0/8"]
    }
}
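
Added example (not tfsec's own code): the same rule applied to a rendered plan, so clusters defined inside modules or with the attribute left unset are caught as well. It assumes the JSON layout produced by `terraform show -json <planfile>`; the function names and the sample plan are constructed for illustration.

```python
def eks_resource(address, vpc_config):
    """Build one constructed plan entry, trimmed to the fields the check reads."""
    return {"address": address, "type": "aws_eks_cluster",
            "values": {"vpc_config": [vpc_config]}}


# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        eks_resource("aws_eks_cluster.bad_example", {"endpoint_public_access": True}),
        eks_resource("aws_eks_cluster.good_example", {"endpoint_public_access": False}),
    ],
    "child_modules": [{"resources": [
        # Attribute not set at all: treated as public, matching the default.
        eks_resource("module.platform.aws_eks_cluster.unset", {}),
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def public_eks_clusters(plan):
    """Return addresses of aws_eks_cluster resources whose endpoint is public.

    Only an explicit false passes; true, null or a missing attribute is flagged.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    flagged = []
    for res in iter_resources(root):
        if res.get("type") != "aws_eks_cluster":
            continue
        blocks = res.get("values", {}).get("vpc_config") or [{}]
        if any(b.get("endpoint_public_access") is not False for b in blocks):
            flagged.append(res["address"])
    return flagged


if __name__ == "__main__":
    for address in public_eks_clusters(SAMPLE_PLAN):
        print(f"AWS069: {address} has a public API endpoint")
```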