EksCluster should not have more than one security group
Having more than one security group is a bad practice and may create unexpected results.
Risk Level: Medium
Cloud Entity: EKS Cluster
CloudGuard Rule ID: D9.AWS.NET.70
Covered by Spectral: No
Category: Compute
GSL LOGIC
EksCluster should not have resourcesVpcConfig.additionalSecurityGroups length()>1
REMEDIATION
From Portal:
- Sign in to the AWS console.
- Navigate to the EKS (Amazon Elastic Kubernetes Service) service.
- Select the cluster you want to verify.
- Go to the Networking tab and ensure there are no Additional security groups associated with that cluster.
- Choose one security group or create a new security group that has all the correct rules.
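The GSL check above, applied offline, together with the rule inventory needed for the last remediation step. This is an added example, not CloudGuard's or AWS's own code. It assumes `additionalSecurityGroups` corresponds to the EKS API field `resourcesVpcConfig.securityGroupIds`; the cluster names, group IDs and rules are constructed.

```python
# Assumption: CloudGuard's additionalSecurityGroups corresponds to the EKS API
# field resourcesVpcConfig.securityGroupIds (clusterSecurityGroupId is separate).

# Constructed data shaped like the `cluster` object of `aws eks describe-cluster`.
CLUSTERS = [
    {"name": "prod", "resourcesVpcConfig": {
        "clusterSecurityGroupId": "sg-c1", "securityGroupIds": ["sg-aaa", "sg-bbb"]}},
    {"name": "dev", "resourcesVpcConfig": {
        "clusterSecurityGroupId": "sg-c2", "securityGroupIds": ["sg-aaa"]}},
]
# Constructed data shaped like `aws ec2 describe-security-groups`, keyed by GroupId.
GROUPS = {
    "sg-aaa": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    "sg-bbb": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "10.1.0.0/16"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-nodes"}]}]},
}

def additional_groups(cluster):
    return cluster.get("resourcesVpcConfig", {}).get("securityGroupIds") or []

def violates(cluster):
    # Same threshold as the GSL: the rule fails only when length() > 1.
    return len(additional_groups(cluster)) > 1

def merged_ingress(group_ids, groups):
    """De-duplicated ingress rules (IPv4 CIDR and group sources) of the groups."""
    rules = set()
    for gid in group_ids:
        for perm in groups[gid].get("IpPermissions", []):
            # FromPort/ToPort are absent when IpProtocol is "-1" (all traffic).
            key = (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
            for r in perm.get("IpRanges", []):
                rules.add(key + ("cidr", r["CidrIp"]))
            for p in perm.get("UserIdGroupPairs", []):
                rules.add(key + ("sg", p["GroupId"]))
    return rules

def report(clusters, groups):
    """Map each failing cluster to the combined rules of its additional groups."""
    return {c["name"]: merged_ingress(additional_groups(c), groups)
            for c in clusters if violates(c)}

if __name__ == "__main__":
    for name, rules in report(CLUSTERS, GROUPS).items():
        print(name, "FAIL", sorted(rules, key=repr))
```

The combined rule set is an inventory to review before building the single group, since overlapping groups often carry rules that are no longer needed.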
EKS Cluster
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset