
EKS Network Load Balancer Port Probing


Hi,

I set up an EKS cluster using an NLB. It's currently working fine, but the security group creates rules that open some ports to the internet. The instances behind the security group are being probed every day, and GuardDuty sends alerts notifying me that I have unprotected ports. The documentation says that Amazon EKS adds one inbound rule to the node's security group for client traffic and one rule for each load balancer subnet in the VPC for health checks for each Network Load Balancer. I'm not sure if this is indeed normal behavior, because I get the alarms from GuardDuty every time I turn on the cluster. Do I need to set up additional configuration to secure those ports being probed?

Thanks

1 Answer

What you're seeing is normal, but your setup can definitely be made more secure. I see that your EKS cluster needs some ports open to work properly, and these open ports are visible from the internet, which isn't ideal. In this case, GuardDuty is warning you about this, which is good - it's doing its job. To fix it, you could take some measures:

  1. Use an internal load balancer instead of an internet-facing one.
  2. Limit which IP addresses can access your cluster.
  3. Add extra security rules in SGs to your VPC.
  4. Use private network connections to control exactly who accesses your EKS cluster (for example AWS Site-to-Site VPN or AWS Direct Connect).
AWS
answered a year ago
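As an added illustration of measure 2 above (not part of the original thread and not AWS code), the script below audits a node security group the way the GuardDuty finding effectively does: it takes the JSON shape produced by `aws ec2 describe-security-groups`, flags ingress rules whose source is reachable from outside the VPC, and shows what the NLB client-traffic rule looks like once its `0.0.0.0/0` source is narrowed to an explicit allow-list. The security group, its id, ports and CIDRs are all constructed to mimic the question (one client-traffic rule open to the world, one health-check source per load balancer subnet); the private-range list and the allowed office range are assumptions to adjust for your VPC.

```python
"""Audit a security group for internet-exposed ingress rules (added example)."""
import ipaddress
import json
from typing import List, Optional

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group id, ports and CIDRs are placeholders, not values from the thread.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [{
        "GroupId": "sg-0example",
        "GroupName": "eks-node-sg-example",
        "IpPermissions": [
            {  # client traffic forwarded by the NLB to the NodePort
                "IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                "UserIdGroupPairs": [],
            },
            {  # NLB health checks, one source per load balancer subnet
                "IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
                "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.2.0/24"}],
                "Ipv6Ranges": [], "UserIdGroupPairs": [],
            },
            {  # node-to-node traffic, sourced from the group itself
                "IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                "UserIdGroupPairs": [{"GroupId": "sg-0example"}],
            },
        ],
    }]
})

# Ranges treated as internal (assumption: RFC 1918 + IPv6 ULA). Extend for your VPC CIDRs.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def exposure(cidr: str) -> Optional[str]:
    """Classify a source CIDR: 'world' (0.0.0.0/0 or ::/0), 'public', or None if internal."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "world"
    if any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_RANGES):
        return None
    return "public"


def describe_ports(perm: dict) -> str:
    """Human-readable protocol/port range for a rule."""
    if perm.get("IpProtocol") == "-1":
        return "all traffic"
    lo, hi = perm["FromPort"], perm["ToPort"]
    return f"{perm['IpProtocol']}/{lo}" if lo == hi else f"{perm['IpProtocol']}/{lo}-{hi}"


def find_exposed_rules(describe_json: str) -> List[dict]:
    """One finding per (group, port range, source CIDR) reachable from outside the VPC."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                level = exposure(cidr)
                if level:
                    findings.append({"group": sg["GroupId"], "ports": describe_ports(perm),
                                     "source": cidr, "exposure": level})
    return findings


def restrict_sources(perm: dict, allowed_cidrs: List[str]) -> dict:
    """Copy of a rule with world-wide sources replaced by an explicit allow-list.

    Internal sources (the health-check subnets) are kept as they are.
    """
    keep_v4 = [r for r in perm.get("IpRanges", []) if exposure(r["CidrIp"]) != "world"]
    keep_v6 = [r for r in perm.get("Ipv6Ranges", []) if exposure(r["CidrIpv6"]) != "world"]
    for cidr in allowed_cidrs:
        if ipaddress.ip_network(cidr, strict=False).version == 6:
            keep_v6.append({"CidrIpv6": cidr})
        else:
            keep_v4.append({"CidrIp": cidr})
    return {**perm, "IpRanges": keep_v4, "Ipv6Ranges": keep_v6}


if __name__ == "__main__":
    for f in find_exposed_rules(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{f['group']}: {f['ports']} open to {f['source']} ({f['exposure']})")
    weak = json.loads(SAMPLE_DESCRIBE_OUTPUT)["SecurityGroups"][0]["IpPermissions"][0]
    # 203.0.113.0/24 stands in for a constructed office range that should keep access.
    print(json.dumps(restrict_sources(weak, ["203.0.113.0/24"]), indent=2))
```

Run against real output by piping `aws ec2 describe-security-groups --group-ids <node-sg-id>` into `find_exposed_rules`; the health-check rules sourced from VPC subnets come back clean, and only the client-traffic rule is reported, which is the one to narrow (or to make moot by switching to an internal load balancer, measure 1).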
