Amazon EKS
📘 Having the Amazon EKS cluster's Kubernetes API server endpoint publicly accessible poses significant security risks, including unauthorized access and potential data breaches. Implementing strict access controls is essential to protect these endpoints from external threats.
- Section: Public Exposure
- Severity: Critical
- CWE: CWE-668 Exposure of Resource to the Wrong Sphere
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure, Tampering
- Rule Set: Threat Modeling - Cloud Configuration Check
📘 Allowing access on ports other than TCP port 443 in AWS EKS security groups can lead to unsecured data transmissions and vulnerabilities. Ensuring secure communication through encrypted channels like TCP port 443 is crucial for maintaining data security and integrity.
- Section: Compute
- Severity: High
- CWE: CWE-319 Cleartext Transmission of Sensitive Information
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure, Spoofing, Tampering
- Rule Set: Threat Modeling - Cloud Configuration Check
Updated 5 months ago
What’s Next