Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0

Error: AWS EKS node group does not have implicit SSH access from 0.0.0.0/0

Bridgecrew Policy ID: BC_AWS_KUBERNETES_5
Checkov Check ID: CKV_AWS_100
Severity: HIGH

Description

TBA

Fix - Buildtime

Terraform

  • Resource: aws_eks_node_group
  • Argument: remote_access/source_security_group_ids
    The check passes when the remote_access block is missing or when source_security_group_ids is set inside it.
resource "aws_eks_node_group" "test" {
  ...
  cluster_name    = aws_eks_cluster.example.name
  remote_access {
    ec2_ssh_key = "some-key"
+   source_security_group_ids = ["some-group"]
  }
}
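
An added example (not Bridgecrew's or Checkov's own code) that applies the rule described above to the JSON plan produced by `terraform show -json`. It goes one step further and treats a `source_security_group_ids` value that is only known after apply as set; the sample plan, its resource addresses and `sg-example` are constructed.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_eks_node_group.open", "type": "aws_eks_node_group",
  "change": {"after": {"remote_access": [{"ec2_ssh_key": "some-key",
                                          "source_security_group_ids": null}]},
             "after_unknown": {"remote_access": [{}]}}},
 {"address": "aws_eks_node_group.restricted", "type": "aws_eks_node_group",
  "change": {"after": {"remote_access": [{"ec2_ssh_key": "some-key",
                                          "source_security_group_ids": ["sg-example"]}]},
             "after_unknown": {"remote_access": [{"source_security_group_ids": [false]}]}}},
 {"address": "aws_eks_node_group.computed", "type": "aws_eks_node_group",
  "change": {"after": {"remote_access": [{"ec2_ssh_key": "some-key"}]},
             "after_unknown": {"remote_access": [{"source_security_group_ids": true}]}}},
 {"address": "aws_eks_node_group.no_ssh", "type": "aws_eks_node_group",
  "change": {"after": {"remote_access": []}, "after_unknown": {}}}
]}
""")

def _first_block(value):
    """Nested blocks appear as lists in plan JSON; return the first entry or {}."""
    return value[0] if isinstance(value, list) and value else {}

def _unknown(value):
    """True when after_unknown marks the value (or any element) as computed."""
    return value is True or (isinstance(value, list) and any(map(_unknown, value)))

def check_node_groups(plan):
    """Map each aws_eks_node_group address to 'PASSED' or 'FAILED'."""
    results = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != "aws_eks_node_group" or after is None:
            continue  # other resource types, or a node group being destroyed
        block = _first_block(after.get("remote_access"))
        pending = _first_block((change.get("after_unknown") or {}).get("remote_access"))
        has_block = bool(block or pending)  # False: no remote_access block at all
        restricted = bool(block.get("source_security_group_ids")) or \
            _unknown(pending.get("source_security_group_ids"))
        results[rc["address"]] = "FAILED" if has_block and not restricted else "PASSED"
    return results

if __name__ == "__main__":
    for address, verdict in check_node_groups(SAMPLE_PLAN).items():
        print(f"{verdict}  {address}")
```
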

CloudFormation

  • Resource: AWS::EKS::Nodegroup
  • Argument: Properties.RemoteAccess
Resources:
  Nodegroup1:
    Type: 'AWS::EKS::Nodegroup'
    Properties:
      ...
      RemoteAccess: 
        Ec2SshKey: <ssh key>
+       SourceSecurityGroups: 
+         - ...

  Nodegroup2:
    Type: 'AWS::EKS::Nodegroup'
    Properties:
      ...
-     RemoteAccess:
-       ...
