aws_compliance

Ensure whether AWS Elastic Kubernetes Service (AWS EKS) endpoint is not publicly accessible. The rule is compliant if the endpoint is publicly accessible.

eks_cluster_endpoint_restrict_public_access

pci_dss_v40_requirement_1_2_8

1.2.8: Configuration files for NSCs are secured from unauthorized access and are kept consistent with active network configurations

pci_dss_v321_requirement_1_3

1.3 Examine firewall and router configurations—including but not limited to the choke router at the Internet, the DMZ router and firewall, the DMZ cardholder segment, the perimeter router, and the internal cardholder network segment—and perform the following to determine that there is no direct access between the Internet and system components in the internal cardholder network segment

pci_dss_v40_requirement_1_3_1

1.3.1: Inbound traffic to the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_3_2

1.3.2: Outbound traffic from the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_4_2

1.4.2: Inbound traffic from untrusted networks to trusted networks is restricted

pci_dss_v40_requirement_1_5_1

1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks

pci_dss_v321_requirement_2_2_2

2.2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system

nist_800_171_rev_2_3_1_1

3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_3

3.1.3 Control the flow of CUI in accordance with approved authorizations

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

pci_dss_v321_requirement_7_2_1

7.2.1 Confirm that access control systems are in place on all system components

pci_dss_v40_appendix_a1_1_3

A1.1.3: Controls are implemented such that each customer can only access resources allocated to them

all_controls_eks

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_4

PR.AC-4

nist_csf_pr_ac_5

PR.AC-5

nist_csf_pr_ds_5

PR.DS-5

nist_csf_pr_ip_8

PR.IP-8

nist_csf_pr_pt_3

PR.PT-3

nist_csf_pr_pt_4

PR.PT-4

EKS clusters endpoint should restrict public access

foundational_security_eks_1

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: EKS clusters endpoint should restrict public access

Description

Usage

SQL

Tags