Risk Level: Medium
Cloud Entity: EKS Cluster
CloudGuard Rule ID: D9.AWS.NET.70
Covered by Spectral: No
Category: Compute

GSL LOGIC

EksCluster should not have resourcesVpcConfig.additionalSecurityGroups length()>1

REMEDIATION

From Portal:

Sign in to the AWS console.
Navigate to the EKS (Amazon Elastic Kubernetes) service.
Select the cluster you want to verify.
Go to Networking tab and ensure there is no Additional security groups associated to that cluster.
Choose one security group or create a new security group that have all the correct rules.

References:

https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

EKS Cluster

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.

Compliance Frameworks

AWS CloudGuard Best Practices
AWS HITRUST
AWS HITRUST v11.0.0
AWS ISO27001:2022
AWS ITSG-33
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
CloudGuard AWS All Rules Ruleset