AWS EKS

The best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Hardening

Design Guidance:

AWS::EKS::Cluster

Version
Terraform

AWS::EKS::Nodegroup

Version
Terraform
Launch Template-Id
Terraform

Transparent Data Encryption

Design Guidance:

AWS::EKS::Cluster

Encryption Config
Terraform

Authenticator Protection

Design Guidance:

AWS::EKS::Cluster

Encryption Config-Resources
Terraform

Protect Cryptographic Keys

Design Guidance:

AWS::EKS::Cluster

Provider-Key Arn
Terraform

Utilize Role-based Access Control

Design Guidance:

AWS::EKS::Cluster

Role Arn
Terraform

Firewalls

Design Guidance:

AWS::EKS::Cluster

Resources VPC Config-Security Group Ids
Terraform

AWS::EKS::Nodegroup

Remote Access-Source Security Groups
Terraform

Subnet Isolation

Design Guidance:

AWS::EKS::Cluster

Resources VPC Config-Subnet Ids
Terraform

AWS::EKS::FargateProfile

Subnets
Terraform

AWS::EKS::Nodegroup

Subnets
Terraform

Information Flow Routing

AWS::EKS::Cluster

Kubernetes Network Config-Service Ipv4cidr
Terraform

Asset Inventory

Design Guidance:

AWS::EKS::Cluster

Name
Terraform

AWS::EKS::FargateProfile

Cluster Name
Terraform
Tags
Terraform

AWS::EKS::Nodegroup

Tags
Terraform

Design for High Availability

Design Guidance:

AWS::EKS::Nodegroup

Scaling Config
Terraform
Scaling Config-Min Size
Terraform
Scaling Config-Desired Size
Terraform
Scaling Config-Max Size
Terraform

Information Systems Enforcing Network Access

Design Guidance:

AWS::EKS::Nodegroup

Remote Access
Terraform
Remote Access-EC2SSH Key
Terraform