EKS Network Load Balancer Port Probing

Hi,

I set up an EKS cluster using an NLB. It's currently working fine, but the security group creates rules that open some ports to the internet. The instances behind the security group are being probed every day, and GuardDuty sends alerts notifying me that I have unprotected ports. The documentation says that Amazon EKS adds one inbound rule to the node's security group for client traffic and one rule for each load balancer subnet in the VPC for health checks for each Network Load Balancer. I'm not sure if this is indeed normal behavior, because I get the alarms from GuardDuty every time I turn on the cluster. Do I need to set up additional configuration to secure those ports being probed?

Thanks

No answers
