It is common to receive alerts about malicious IP addresses attempting to probe the infrastructure, as automated scans and bot-driven attacks frequently occur across the internet.
However, the EKS cluster is configured with a security group that enforces strict access controls. This security group ensures that only a predefined set of Snowplow IP addresses can access the cluster. While external scans may still reach publicly exposed components, any direct access attempts to the EKS cluster itself should be blocked unless they originate from an approved IP address within that allowlist.
Why is the EKS cluster publicly accessible?
