I'm building a SaaS application following the aws eks reference architecture here. However, I have noticed that the load balancer for the EKS cluster is publicly accessible, even when not going through the API gateway.
That seems undesirable. How do I change this in the cdk code to have the load balancer only accessible through the VPC?
The eks stack is found here. The API stack is found here.