ACK Cluster Public Endpoint Check
ID: rule:aliyun:ack-cluster-public-endpoint-check
Severity: high
IaC Types: ROS, Terraform
Description
ACK clusters should not have a public endpoint set, or the associated SLB listener should have ACL enabled.
Reason for Violation
The ACK cluster has a public endpoint enabled, which may expose the API server to the internet.
Recommendation
Disable the public endpoint for the ACK cluster by setting 'EndpointPublicAccess' to false.
Resource Types
- ROS: ALIYUN::CS::ASKCluster
- ROS: ALIYUN::CS::ManagedKubernetesCluster
- Terraform: alicloud_cs_managed_kubernetes
- Terraform: alicloud_cs_serverless_kubernetes
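
Added example (not the rule's own implementation): a static check over a ROS template in JSON form that reports the listed ACK resource types whose 'EndpointPublicAccess' is not provably false. The sample template, the function names and the handling of an omitted property are assumptions, and the SLB listener ACL alternative from the description is not evaluated.

```python
import json

# ROS resource types listed by this rule.
ACK_TYPES = {"ALIYUN::CS::ASKCluster", "ALIYUN::CS::ManagedKubernetesCluster"}

def classify(value):
    """Map an EndpointPublicAccess value to 'public', 'private' or 'unresolved'."""
    if isinstance(value, bool):
        return "public" if value else "private"
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return "public" if value.strip().lower() == "true" else "private"
    # Ref / Fn::* expressions cannot be decided without parameter values.
    return "unresolved"

def check_template(template, missing_means="unresolved"):
    """Return sorted (resource_name, status) pairs for clusters not provably private.

    missing_means is an assumption knob: the page does not state what an
    omitted EndpointPublicAccess defaults to, so the caller decides.
    """
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") not in ACK_TYPES:
            continue
        props = res.get("Properties") or {}
        if "EndpointPublicAccess" in props:
            status = classify(props["EndpointPublicAccess"])
        else:
            status = missing_means
        if status != "private":
            findings.append((name, status))
    return sorted(findings)

# Constructed sample template for illustration (not from the page).
SAMPLE = json.loads("""
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {"Expose": {"Type": "Boolean", "Default": true}},
  "Resources": {
    "PublicCluster":  {"Type": "ALIYUN::CS::ManagedKubernetesCluster", "Properties": {"EndpointPublicAccess": true}},
    "PrivateCluster": {"Type": "ALIYUN::CS::ManagedKubernetesCluster", "Properties": {"EndpointPublicAccess": "false"}},
    "ParamCluster":   {"Type": "ALIYUN::CS::ASKCluster", "Properties": {"EndpointPublicAccess": {"Ref": "Expose"}}},
    "Vpc":            {"Type": "ALIYUN::ECS::VPC", "Properties": {}}
  }
}
""")

if __name__ == "__main__":
    for name, status in check_template(SAMPLE):
        print(f"{name}: EndpointPublicAccess is {status}")
```

An 'unresolved' finding means the value comes from a parameter or function and has to be checked against the values actually supplied at deployment.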