Terraform Endpoint Public Access True
Description
Detects AWS EKS clusters configured with a publicly accessible endpoint, which exposes the Kubernetes API server to the internet. This creates a security risk: if the remaining authentication controls are compromised, an attacker gains access to cluster management functions.
Detection Strategy
• Identifies AWS EKS cluster resources in Terraform configurations
• Checks if the cluster's endpoint access configuration allows public access
• Reports a vulnerability when an EKS cluster is configured to have its endpoint publicly accessible
Vulnerable code example

    resource "aws_eks_cluster" "example" {
      name     = "exposed-cluster"
      role_arn = aws_iam_role.cluster.arn
      vpc_config {
        subnet_ids             = ["subnet-12345"]
        endpoint_public_access = true # Vulnerable: Exposes EKS API endpoint to the internet
      }
    }

✅ Secure code example
    resource "aws_eks_cluster" "example" {
      name     = "exposed-cluster"
      role_arn = aws_iam_role.cluster.arn
      vpc_config {
        subnet_ids             = ["subnet-12345"]
        endpoint_public_access = false # Disable public access to protect EKS API endpoint
      }
    }
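The detection strategy above, written out as a small line-oriented checker. This is an added example, not Fluid Attacks' scanner: it walks the brace structure of a Terraform file, finds each aws_eks_cluster resource, and reports the cluster when vpc_config sets endpoint_public_access = true. It also reports clusters that omit the attribute, because the AWS provider defaults endpoint_public_access to true. The sample configuration is constructed for the example; attributes are assumed to sit on their own lines.

```python
import re

# Constructed sample: the page's vulnerable and secure clusters, plus one
# that omits endpoint_public_access and therefore inherits the public default.
SAMPLE_TF = '''
resource "aws_eks_cluster" "exposed" {
  name     = "exposed-cluster"
  role_arn = aws_iam_role.cluster.arn
  vpc_config {
    subnet_ids             = ["subnet-12345"]
    endpoint_public_access = true
  }
}

resource "aws_eks_cluster" "private" {
  name     = "private-cluster"
  role_arn = aws_iam_role.cluster.arn
  vpc_config {
    subnet_ids              = ["subnet-12345"]
    endpoint_public_access  = false
    endpoint_private_access = true
  }
}

resource "aws_eks_cluster" "implicit" {
  name     = "implicit-cluster"
  role_arn = aws_iam_role.cluster.arn
  vpc_config {
    subnet_ids = ["subnet-12345"]
  }
}
'''

RESOURCE_RE = re.compile(r'^\s*resource\s+"aws_eks_cluster"\s+"([^"]+)"\s*\{')
VPC_RE = re.compile(r'^\s*vpc_config\s*\{')
ATTR_RE = re.compile(r'^\s*endpoint_public_access\s*=\s*(true|false)\b')


def find_public_eks_endpoints(hcl: str) -> list[str]:
    """Return the names of aws_eks_cluster resources whose API endpoint is public.

    A cluster is reported when vpc_config sets endpoint_public_access = true,
    or when the attribute is absent (the AWS provider defaults it to true).
    """
    findings = []
    name = None        # resource name while inside an aws_eks_cluster block
    depth = 0          # brace depth relative to that resource block
    vpc_depth = None   # depth of the vpc_config block, None when not inside it
    explicit = None    # value of endpoint_public_access, None if not set
    for line in hcl.splitlines():
        if name is None:
            match = RESOURCE_RE.match(line)
            if match:
                name, depth, vpc_depth, explicit = match.group(1), 1, None, None
            continue
        if VPC_RE.match(line):
            vpc_depth = depth + 1
        if vpc_depth is not None:
            attr = ATTR_RE.match(line)
            if attr:
                explicit = attr.group(1) == "true"
        depth += line.count("{") - line.count("}")
        if vpc_depth is not None and depth < vpc_depth:
            vpc_depth = None            # left the vpc_config block
        if depth == 0:                  # left the resource block: decide
            if explicit is None or explicit:
                findings.append(name)
            name = None
    return findings
```

Running it on SAMPLE_TF reports "exposed" and "implicit" and clears "private".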