CIS Amazon Elastic Kubernetes Service (EKS) Benchmark

Restrict Access to the Control Plane Endpoint
Profile Applicability: • Level 1 Description: Enable Endpoint Private Access to restrict access to the cluster's control plane to only an allowlist o...
Wed, 23 Apr, 2025 at 4:45 AM
Ensure Clusters are Created with Private Endpoint Enabled and Public Access Disabled
Profile Applicability: • Level 1 Description: Disable access to the Kubernetes API from outside the node network if it is not required. Rationale: In ...
Wed, 23 Apr, 2025 at 4:54 AM
Ensure Clusters are Created with Private Nodes
Profile Applicability: • Level 1 Description: Disable public IP addresses for cluster nodes, so that they only have private IP addresses. Private Nodes ar...
Wed, 23 Apr, 2025 at 5:01 AM
Ensure Network Policy is Enabled and Set as Appropriate
Profile Applicability: • Level 1 Description: Amazon EKS provides two ways to implement network policy: Calico Network Policies – An open-source netwo...
Wed, 23 Apr, 2025 at 5:21 AM
Encrypt Traffic to HTTPS Load Balancers with TLS Certificates
Profile Applicability: • Level 1 Description: Encrypt traffic to HTTPS load balancers using TLS certificates. Rationale: Encrypting traffic between use...
Wed, 23 Apr, 2025 at 5:32 AM
Manage Kubernetes RBAC Users with AWS IAM Authenticator for Kubernetes or Upgrade to AWS CLI v1.16.156 or Greater
Profile Applicability: • Level 1 Description: Amazon EKS uses IAM to provide authentication to your Kubernetes cluster through the AWS IAM Authenticator ...
Wed, 23 Apr, 2025 at 6:30 AM