Closed rfuelsh closed 1 year ago
Update: this is not a security threat to our current AWS infra, as the EC2 instances are in private subnets, so this is not as urgent, but it is an optimization needed on the EKS Terraform side.
Right now our DEV and PROD clusters are fine.
We can treat this ticket more as an investigation into why the NLB/ingress controller adds these open port rules to our EKS cluster security group.
Closing.
Due to the EKS node group Terraform module inheriting the cluster security group instead of using its own (https://github.com/terraform-aws-modules/terraform-aws-eks/issues/1889; some defect/missing feature in this Terraform module), our nodes have open/public IPs and ports.
It is better to provision new nodes with their own separate security group that is private, and then slowly migrate the DEV and PROD clusters to them.
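An added example for the investigation mentioned in the thread (this is not code from the issue, from the reporter, or from the terraform-aws-eks module): it parses the JSON shape that `aws ec2 describe-security-groups --output json` returns and reports every ingress rule whose source includes 0.0.0.0/0 or ::/0, so you can see exactly which ports on the cluster security group are world-open before and after moving nodes to their own group. The group ID, group name, NodePort numbers and CIDRs in the embedded sample are constructed for illustration.

```python
"""Audit security-group ingress rules for world-open ports (added example)."""
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# The group ID, name, ports and CIDRs are made up for illustration.
SAMPLE = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",   # hypothetical cluster security group
            "GroupName": "eks-cluster-sg-example",
            "IpPermissions": [
                {   # intra-cluster traffic from the group itself: not a finding
                    "IpProtocol": "-1",
                    "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}],
                    "IpRanges": [], "Ipv6Ranges": [],
                },
                {   # the pattern described in the thread: a NodePort open to the world
                    "IpProtocol": "tcp", "FromPort": 31443, "ToPort": 31443,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                },
                {   # restricted to a VPC CIDR: not a finding
                    "IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
                    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [],
                },
                {   # IPv6 world-open rule, caught as well
                    "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                    "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
                },
            ],
        }
    ]
})

WORLD = {"0.0.0.0/0", "::/0"}


def world_open_rules(describe_output: str) -> list[dict]:
    """Return one finding per ingress rule whose sources include 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_sources = sorted(s for s in sources if s in WORLD)
            if not open_sources:
                continue
            proto = perm.get("IpProtocol", "-1")
            if proto == "-1":            # "-1" means all protocols and all ports
                ports = "all"
            else:
                lo, hi = perm.get("FromPort"), perm.get("ToPort")
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
            findings.append({
                "group_id": sg["GroupId"],
                "group_name": sg.get("GroupName", ""),
                "protocol": "all" if proto == "-1" else proto,
                "ports": ports,
                "sources": open_sources,
            })
    return findings


if __name__ == "__main__":
    # Pipe real CLI output on stdin; fall back to the constructed sample otherwise.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for f in world_open_rules(data):
        print(f"{f['group_id']} ({f['group_name']}) {f['protocol']}/{f['ports']} "
              f"open from {', '.join(f['sources'])}")
```

Run it against a real cluster with `aws ec2 describe-security-groups --group-ids <cluster-sg-id> --output json | python audit_sg.py`; an empty result after the migration to dedicated private node security groups is the check that the open rules are gone. Rules whose source is another security group or a VPC CIDR are deliberately not reported, since those are the ones a private node group is expected to carry.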