Policy: AWS > EKS > Cluster > Endpoint Access > CIDR Ranges

Configure the allowed CIDR blocks for public endpoint access to the EKS cluster.

This policy is only applicable when public endpoint access is enabled (either "Public" or "Public and Private" mode).

The policy accepts a list of CIDR blocks in array format. Setting an empty array will remove all CIDR blocks, effectively blocking all public access.

Targets

This policy targets the following resource types:

AWS > EKS > Cluster

Primary Policy

This policy is used with the following primary policy:

AWS > EKS > Cluster > Endpoint Access

Controls

Setting this policy configures this control:

AWS > EKS > Cluster > Endpoint Access

Policy Specification

Schema Type	`array`
Default	`- 0.0.0.0/0`
Examples [YAML]	`- 10.0.0.0/16 - 203.0.0.0/16 - 198.51.0.0/16` `- 0.0.0.0/0`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/security

Policy Type URI

tmod:@turbot/aws-eks#/policy/types/clusterEndpointAccessCidrRanges

GraphQL

query policyType(id: "tmod:@turbot/aws-eks#/policy/types/clusterEndpointAccessCidrRanges") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-eks#/policy/types/clusterEndpointAccessCidrRanges'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-eks#/policy/types/clusterEndpointAccessCidrRanges'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-eks#/policy/types/clusterEndpointAccessCidrRanges"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-eks#/policy/types/clusterEndpointAccessCidrRanges"