Run `aws eks describe-cluster` and review the contents of the `resourcesVpcConfig` block. `endpointPrivateAccess` should be `true`. Or, if `endpointPublicAccess` is `true`, `publicAccessCidrs` should be set to something other than `0.0.0.0/0`.
๐ฝ aws eks --no-verify-ssl describe-cluster --name int1
{
"cluster": {
"name": "int1",
"arn": "arn:aws:eks:us-east-1:xxxx:cluster/int1",
"createdAt": "2019-06-09T22:51:27.668000-04:00",
"version": "1.13",
"endpoint": "https://xxxx.us-east-1.eks.amazonaws.com",
"roleArn": "arn:aws:iam::xxx:role/xxxx",
"resourcesVpcConfig": {
"subnetIds": [
"subnet-xxx",
"subnet-xxx"
],
"securityGroupIds": [
"sg-xxx"
],
"vpcId": "vpc-xxxx",
"endpointPublicAccess": false,
"endpointPrivateAccess": true,
"publicAccessCidrs": []
},
"logging": {
"clusterLogging": [
{
"types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"enabled": true
}
]
},
...