fix(aws): update EKS check in compliance frameworks (#5672)

prowler-cloud · Nov 7, 2024 · aa79a28 · aa79a28
1 parent 0340ab9
commit aa79a28
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 16 deletions.
diff --git a/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json b/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json
@@ -485,7 +485,7 @@
         "codeartifact_packages_external_public_publishing_disabled",
         "ecr_repositories_not_publicly_accessible",
         "efs_not_publicly_accessible",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "elb_internet_facing",
         "elbv2_internet_facing",
         "s3_account_level_public_access_blocks",
@@ -664,7 +664,7 @@
         "awslambda_function_not_publicly_accessible",
         "apigateway_restapi_waf_acl_attached",
         "cloudfront_distributions_using_waf",
-        "eks_control_plane_endpoint_access_restricted",
+        "eks_cluster_not_publicly_accessible",
         "sagemaker_models_network_isolation_enabled",
         "sagemaker_models_vpc_settings_configured",
         "sagemaker_notebook_instance_vpc_settings_configured",

diff --git a/prowler/compliance/aws/kisa_isms_p_2023_aws.json b/prowler/compliance/aws/kisa_isms_p_2023_aws.json
@@ -1509,9 +1509,9 @@
         "iam_user_mfa_enabled_console_access",
         "networkfirewall_in_all_vpc",
         "eks_cluster_network_policy_enabled",
-        "eks_control_plane_endpoint_access_restricted",
+        "eks_cluster_not_publicly_accessible",
         "eks_cluster_private_nodes_enabled",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "kafka_cluster_is_public",
         "kafka_cluster_unrestricted_access_disabled",
         "vpc_peering_routing_tables_with_least_privilege",

diff --git a/prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json b/prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json
@@ -1509,9 +1509,9 @@
         "iam_user_mfa_enabled_console_access",
         "networkfirewall_in_all_vpc",
         "eks_cluster_network_policy_enabled",
-        "eks_control_plane_endpoint_access_restricted",
+        "eks_cluster_not_publicly_accessible",
         "eks_cluster_private_nodes_enabled",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "kafka_cluster_is_public",
         "kafka_cluster_unrestricted_access_disabled",
         "vpc_peering_routing_tables_with_least_privilege",

diff --git a/prowler/compliance/aws/nist_800_171_revision_2_aws.json b/prowler/compliance/aws/nist_800_171_revision_2_aws.json
@@ -19,7 +19,7 @@
         "ec2_ebs_public_snapshot",
         "ec2_instance_profile_attached",
         "ec2_instance_public_ip",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "emr_cluster_master_nodes_no_public_ip",
         "iam_aws_attached_policy_no_administrative_privileges",
         "iam_customer_attached_policy_no_administrative_privileges",
@@ -61,7 +61,7 @@
         "ec2_ebs_public_snapshot",
         "ec2_instance_profile_attached",
         "ec2_instance_public_ip",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "emr_cluster_master_nodes_no_public_ip",
         "iam_aws_attached_policy_no_administrative_privileges",
         "iam_customer_attached_policy_no_administrative_privileges",
@@ -102,7 +102,7 @@
       "Checks": [
         "ec2_ebs_public_snapshot",
         "ec2_instance_public_ip",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "emr_cluster_master_nodes_no_public_ip",
         "awslambda_function_not_publicly_accessible",
         "awslambda_function_url_public",

diff --git a/prowler/compliance/aws/nist_csf_1.1_aws.json b/prowler/compliance/aws/nist_csf_1.1_aws.json
@@ -971,7 +971,7 @@
       "Checks": [
         "ec2_ebs_public_snapshot",
         "ec2_instance_public_ip",
-        "eks_endpoints_not_publicly_accessible",
+        "eks_cluster_not_publicly_accessible",
         "emr_cluster_master_nodes_no_public_ip",
         "awslambda_function_url_public",
         "rds_instance_no_public_access",

diff --git a/prowler/compliance/azure/cis_2.1_azure.json b/prowler/compliance/azure/cis_2.1_azure.json
@@ -3043,9 +3043,7 @@
     {
       "Id": "9.4",
       "Description": "Ensure that Register with Entra ID is enabled on App Service",
-      "Checks": [
-        ""
-      ],
+      "Checks": [],
       "Attributes": [
         {
           "Section": "9. AppService",
@@ -3175,9 +3173,7 @@
     {
       "Id": "9.10",
       "Description": "Ensure Azure Key Vaults are Used to Store Secrets",
-      "Checks": [
-        ""
-      ],
+      "Checks": [],
       "Attributes": [
         {
           "Section": "9. AppService",