Is there any chance to make EKS private and public subnet ACLs less permissive? Allowing all inbound / outbound network traffic leads to certain security audit and compliance issues, and I need to allow only specific minimum traffic. Not much info about this over the Internet. This article is probably the only one I found so far that touches the network ACLs topic :). And btw, thank you a lot, it's anyway pretty helpful.
Thanks for your comment.
Yes, you can be less permissive. You can apply the same permissions on ports as the security groups:
docs.aws.amazon.com/eks/latest/use...
This article creates a private/public cluster, but you can have a fully private cluster:
docs.aws.amazon.com/eks/latest/use...
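As an added example (not code from the article or its author), the helper below does two things a practitioner tightening EKS subnet ACLs would want: it audits a network ACL for the default allow-all entries, and it builds a narrower rule set that mirrors the ports the EKS node and cluster security groups use (443 and 10250) plus the ephemeral range a stateless NACL must allow for return traffic. The NACL id, the VPC CIDR and the sample `describe-network-acls` output are constructed assumptions; each generated dict is shaped as the keyword set accepted by boto3's `ec2.create_network_acl_entry`, but no AWS call is made.

```python
"""Audit a VPC network ACL for allow-all rules and build a tighter EKS-style
rule set. Added example, not from the article; all sample data is constructed."""
from typing import Dict, List

# Constructed sample in the shape returned by `aws ec2 describe-network-acls`
# for a subnet ACL that still carries the default allow-all rule 100.
SAMPLE_NACL = {
    "NetworkAclId": "acl-EXAMPLE",  # placeholder id, not a real resource
    "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": True, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
         "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
         "Egress": True, "CidrBlock": "0.0.0.0/0"},
    ],
}

TCP, UDP, ANY = "6", "17", "-1"   # IANA protocol numbers as the EC2 API expects them
EPHEMERAL = (1024, 65535)          # return-traffic port range for a stateless NACL


def find_allow_all(nacl: Dict) -> List[Dict]:
    """Return allow entries that permit every protocol and port from any CIDR."""
    return [
        e for e in nacl["Entries"]
        if e["RuleAction"] == "allow"
        and e.get("Protocol") == ANY
        and e.get("CidrBlock") == "0.0.0.0/0"
    ]


def _entry(rule_number: int, protocol: str, port_from: int, port_to: int,
           cidr: str, egress: bool) -> Dict:
    """One NACL entry in the keyword shape of ec2.create_network_acl_entry."""
    entry = {"RuleNumber": rule_number, "Protocol": protocol,
             "RuleAction": "allow", "Egress": egress, "CidrBlock": cidr}
    if protocol != ANY:
        entry["PortRange"] = {"From": port_from, "To": port_to}
    return entry


def minimal_private_subnet_rules(vpc_cidr: str, internet_egress: bool = True) -> List[Dict]:
    """Build a starting least-privilege rule set for an EKS private (node) subnet.

    vpc_cidr is an assumption supplied by the caller. The rules mirror the
    security-group ports (443 control plane/API, 10250 kubelet, 53 DNS) and,
    because NACLs are stateless, explicitly allow the ephemeral range for
    replies in each direction. Pod-to-pod traffic on other ports needs to be
    added per workload.
    """
    egress_cidr = "0.0.0.0/0" if internet_egress else vpc_cidr
    inbound = [
        (TCP, 443, 443, vpc_cidr),        # control plane ENIs / API endpoint
        (TCP, 10250, 10250, vpc_cidr),    # kubelet, reached by the control plane
        (TCP, 53, 53, vpc_cidr),          # in-cluster DNS (TCP)
        (UDP, 53, 53, vpc_cidr),          # in-cluster DNS (UDP)
        (TCP, *EPHEMERAL, egress_cidr),   # replies to outbound TCP (e.g. via NAT)
        (UDP, *EPHEMERAL, vpc_cidr),      # replies to DNS queries
    ]
    outbound = [
        (TCP, 443, 443, egress_cidr),     # API server, ECR, package mirrors
        (TCP, 10250, 10250, vpc_cidr),    # node-to-node kubelet access
        (TCP, 53, 53, vpc_cidr),
        (UDP, 53, 53, vpc_cidr),
        (TCP, *EPHEMERAL, vpc_cidr),      # replies to inbound TCP connections
        (UDP, *EPHEMERAL, vpc_cidr),      # replies to inbound UDP
    ]
    rules = []
    for egress, specs in ((False, inbound), (True, outbound)):
        for i, (proto, lo, hi, cidr) in enumerate(specs):
            # rule numbers step by 10 so operators can slot rules in between
            rules.append(_entry(100 + 10 * i, proto, lo, hi, cidr, egress))
    return rules


if __name__ == "__main__":
    for e in find_allow_all(SAMPLE_NACL):
        direction = "outbound" if e["Egress"] else "inbound"
        print(f"{SAMPLE_NACL['NetworkAclId']}: rule {e['RuleNumber']} allows all {direction} traffic")
    for r in minimal_private_subnet_rules("10.0.0.0/16"):
        print(r)
```

The audit half is the useful check before any change: a default EKS subnet ACL shows both rule-100 entries as allow-all. The rule builder is a starting point rather than a finished policy; ports for webhooks, metrics scrapers and pod-to-pod traffic across subnets vary per cluster and have to be added before the allow-all entries are deleted, or the nodes will lose connectivity the moment the change is applied.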