Json Yaml Endpoint Public Access True
Description
Detects AWS EKS clusters defined in CloudFormation templates whose ResourcesVpcConfig enables public endpoint access (EndpointPublicAccess set to true). When the endpoint is public, the Kubernetes API server is reachable from the internet and relies solely on authentication and authorization to keep out unauthorized callers, which exposes cluster management to credential theft, misconfigured RBAC and API server vulnerabilities. Note that AWS defaults EndpointPublicAccess to true when the property is omitted, and that PublicAccessCidrs defaults to 0.0.0.0/0; restricting PublicAccessCidrs reduces the exposure, but the hardened configuration is EndpointPublicAccess false with EndpointPrivateAccess true, reaching the API server from inside the VPC (bastion, VPN or Direct Connect).
Detection Strategy
• Scan CloudFormation template files (JSON or YAML) for resources of type AWS::EKS::Cluster
• Check whether the resource's ResourcesVpcConfig sets EndpointPublicAccess to true (a template that omits the property is also exposed, because AWS defaults it to true)
• Report a vulnerability for each EKS cluster whose API server endpoint is publicly accessible
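The detection strategy above, worked as an added Python example that is not Fluid Attacks' own scanner code: it loads a constructed CloudFormation template in JSON form (placeholder logical IDs, subnet IDs and account number), walks every AWS::EKS::Cluster resource and reports those whose ResourcesVpcConfig leaves the API endpoint public. It also treats an omitted EndpointPublicAccess as a finding, because AWS defaults that property to true, and records PublicAccessCidrs so a reviewer can see whether the public endpoint is at least CIDR-restricted. JSON is used so the example runs with the standard library alone; a YAML template would need a loader that understands CloudFormation's intrinsic-function tags such as !Ref and !Sub.

```python
import json

# Constructed sample template (assumption: names, subnet IDs and the account
# number are placeholders). It contains one cluster that enables public access
# explicitly, one that omits the property (AWS default: true), one hardened
# cluster and one unrelated resource that the scanner must ignore.
SAMPLE_TEMPLATE = r"""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "PublicCluster": {
      "Type": "AWS::EKS::Cluster",
      "Properties": {
        "Name": "public-cluster",
        "RoleArn": "arn:aws:iam::123456789012:role/eks-role",
        "ResourcesVpcConfig": {
          "SubnetIds": ["subnet-0a1b2c3d", "subnet-0e4f5a6b"],
          "EndpointPublicAccess": true,
          "EndpointPrivateAccess": false
        }
      }
    },
    "DefaultCluster": {
      "Type": "AWS::EKS::Cluster",
      "Properties": {
        "Name": "default-cluster",
        "RoleArn": "arn:aws:iam::123456789012:role/eks-role",
        "ResourcesVpcConfig": {
          "SubnetIds": ["subnet-0a1b2c3d", "subnet-0e4f5a6b"]
        }
      }
    },
    "PrivateCluster": {
      "Type": "AWS::EKS::Cluster",
      "Properties": {
        "Name": "private-cluster",
        "RoleArn": "arn:aws:iam::123456789012:role/eks-role",
        "ResourcesVpcConfig": {
          "SubnetIds": ["subnet-0a1b2c3d", "subnet-0e4f5a6b"],
          "EndpointPublicAccess": false,
          "EndpointPrivateAccess": true
        }
      }
    },
    "UnrelatedBucket": {
      "Type": "AWS::S3::Bucket"
    }
  }
}
"""


def _is_true(value):
    """CloudFormation accepts booleans as JSON true/false or as the strings "true"/"false"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def find_public_eks_endpoints(template):
    """Return (logical_id, reason) for every EKS cluster whose API endpoint is public."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::EKS::Cluster":
            continue
        props = resource.get("Properties") or {}
        vpc_cfg = props.get("ResourcesVpcConfig") or {}
        if not isinstance(vpc_cfg, dict):
            # An intrinsic function (e.g. Fn::If) cannot be evaluated statically here.
            continue
        if "EndpointPublicAccess" not in vpc_cfg:
            findings.append((logical_id, "EndpointPublicAccess omitted (AWS default is true)"))
        elif _is_true(vpc_cfg["EndpointPublicAccess"]):
            # PublicAccessCidrs also defaults to 0.0.0.0/0 when omitted.
            cidrs = vpc_cfg.get("PublicAccessCidrs", ["0.0.0.0/0"])
            findings.append((logical_id, f"EndpointPublicAccess is true (PublicAccessCidrs={cidrs})"))
    return findings


def scan_template_text(text):
    """Parse a JSON CloudFormation template and run the check over it."""
    return find_public_eks_endpoints(json.loads(text))


if __name__ == "__main__":
    for logical_id, reason in scan_template_text(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {reason}")
```

Running the block reports PublicCluster and DefaultCluster and stays silent on PrivateCluster, which is the only configuration the rule accepts. A scanner that stops at an explicit `true` would miss DefaultCluster, which is the more common case in practice.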
Vulnerable code example
Resources:
  MyEKSCluster:
    Type: "AWS::EKS::Cluster"
    Properties:
      Name: "MyCluster"
      RoleArn: "arn:aws:iam::123456789012:role/eks-role"
      Version: "1.21"
      ResourcesVpcConfig: ...

✅ Secure code example
Resources:
  MyEKSCluster:
    Type: "AWS::EKS::Cluster"
    Properties:
      Name: "MyCluster"
      RoleArn: "arn:aws:iam::123456789012:role/eks-role"
      Version: "1.21"
      ResourcesVpcConfig: ...