diff --git a/terraform/modules/argocd/main.tf b/terraform/modules/argocd/main.tf
index bba6d26..d3afb10 100644
--- a/terraform/modules/argocd/main.tf
+++ b/terraform/modules/argocd/main.tf
@@ -16,7 +16,7 @@ resource "helm_release" "argocd" {
   values = [
     yamlencode({
       server = {
-        service = { type = "LoadBalancer" }
+        service = { type = "ClusterIP" }
         certificate = {
           enabled = true
         }
diff --git a/terraform/modules/eks/main.tf b/terraform/modules/eks/main.tf
index 40e1909..b1bddba 100644
--- a/terraform/modules/eks/main.tf
+++ b/terraform/modules/eks/main.tf
@@ -29,7 +29,7 @@ resource "aws_eks_cluster" "this" {
   vpc_config {
     subnet_ids              = var.private_subnets
     endpoint_private_access = true
-    endpoint_public_access  = true
+    endpoint_public_access  = false
     public_access_cidrs     = var.public_access_cidrs
     security_group_ids      = [aws_security_group.cluster.id]
   }
diff --git a/terraform/modules/eks/outputs.tf b/terraform/modules/eks/outputs.tf
index 7414a0d..57eab91 100644
--- a/terraform/modules/eks/outputs.tf
+++ b/terraform/modules/eks/outputs.tf
@@ -6,6 +6,7 @@ output "cluster_name" {
 output "cluster_endpoint" {
   description = "EKS cluster endpoint"
   value       = aws_eks_cluster.this.endpoint
+  sensitive   = true
 }
 
 output "cluster_security_group_id" {