diff --git a/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py b/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py index 22178448..99cd2cb3 100644 --- a/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py +++ b/prowler/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.py @@ -15,7 +15,7 @@ class eks_endpoints_not_publicly_accessible(Check): report.status_extended = ( f"Cluster endpoint access is private for EKS cluster {cluster.name}." ) - if cluster.endpoint_public_access and not cluster.endpoint_private_access: + if cluster.endpoint_public_access: report.status = "FAIL" report.status_extended = ( f"Cluster endpoint access is public for EKS cluster {cluster.name}." diff --git a/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py b/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py index 5ad7dba1..58e0bbaa 100644 --- a/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible_test.py @@ -58,6 +58,8 @@ class Test_eks_endpoints_not_publicly_accessible: ) assert result[0].resource_id == cluster_name assert result[0].resource_arn == cluster_arn + assert result[0].resource_tags == [] + assert result[0].region == AWS_REGION def test_endpoint_not_public_access(self): eks_client = mock.MagicMock @@ -91,3 +93,5 @@ class Test_eks_endpoints_not_publicly_accessible: ) assert result[0].resource_id == cluster_name assert result[0].resource_arn == cluster_arn + assert result[0].resource_tags == [] + assert result[0].region == AWS_REGION