eksctl provides some options that can improve the security of your EKS cluster.
withOIDC to automatically create an IRSA for the amazon CNI plugin and limit permissions granted to nodes in your cluster, instead granting the necessary permissions only to the CNI service account. The background is described in this AWS documentation.
For managed and unmanaged nodegroups,
disablePodIMDS option is available prevents all non host networking pods running in this nodegroup from making IMDS requests.
This can not be used together with