EKS node group SSH access should be restricted to specific security groups


Description

EKS managed node groups with SSH access enabled should restrict ingress to specific security groups rather than allowing connections from 0.0.0.0/0. When an EC2 SSH key is configured on a node group without specifying source security groups, AWS automatically creates a security group that permits SSH (port 22) from any IP address, exposing the nodes to the internet.

Remediation

Restrict SSH access on the EKS node group by specifying source security groups.

  1. Open the Amazon EKS console.
  2. Select the cluster, navigate to the Compute tab, and select the node group.
  3. Update the node group’s remote access configuration to include specific source security groups that are authorized for SSH access, or remove the SSH key if remote access is not needed.
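As an added example (not Datadog's or AWS's code), the check below audits the JSON that `aws eks describe-nodegroup` returns and flags node groups where an EC2 SSH key is set but `remoteAccess` names no source security groups, the condition described above; the node group names, key name and security group ID in the sample responses are constructed.

```python
"""Audit EKS managed node groups for unrestricted SSH remote access."""
import json


def ssh_exposure_finding(describe_nodegroup_json: str) -> dict:
    """Evaluate one `describe-nodegroup` response.

    Returns a dict with the node group name, whether an EC2 SSH key is
    configured, the source security groups (if any) and an `exposed` flag
    that is True when SSH is enabled without source security groups, i.e.
    when EKS would have created a security group open to 0.0.0.0/0:22.
    """
    nodegroup = json.loads(describe_nodegroup_json)["nodegroup"]
    remote = nodegroup.get("remoteAccess") or {}
    ssh_key = remote.get("ec2SshKey")
    source_sgs = remote.get("sourceSecurityGroups") or []
    return {
        "nodegroup": nodegroup["nodegroupName"],
        "ssh_enabled": ssh_key is not None,
        "source_security_groups": list(source_sgs),
        "exposed": ssh_key is not None and not source_sgs,
    }


def exposed_nodegroups(responses) -> list:
    """Names of node groups that should be remediated."""
    return [f["nodegroup"] for f in map(ssh_exposure_finding, responses) if f["exposed"]]


# Constructed sample responses in the shape of `aws eks describe-nodegroup`.
# Weak: SSH key set, no sourceSecurityGroups -> EKS auto-creates an open SG.
EXPOSED = json.dumps({"nodegroup": {"nodegroupName": "workers-a",
                                    "remoteAccess": {"ec2SshKey": "ops-key"}}})
# Corrected: SSH ingress limited to a bastion security group (constructed ID).
RESTRICTED = json.dumps({"nodegroup": {"nodegroupName": "workers-b",
                                       "remoteAccess": {"ec2SshKey": "ops-key",
                                                        "sourceSecurityGroups": ["sg-0bastion0example"]}}})
# No remote access configured at all: nothing to flag.
NO_SSH = json.dumps({"nodegroup": {"nodegroupName": "workers-c"}})

if __name__ == "__main__":
    for name in exposed_nodegroups([EXPOSED, RESTRICTED, NO_SSH]):
        print(f"{name}: SSH enabled without source security groups")
```

When creating a node group from the CLI, the restricted form is `--remote-access ec2SshKey=<key>,sourceSecurityGroups=<sg-id>`; omitting `sourceSecurityGroups` is what triggers the open security group.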