Topic 1 Question 514
A company is running a microservices application on Amazon EC2 instances. The company wants to migrate the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for scalability. The company must configure the Amazon EKS control plane with endpoint private access set to true and endpoint public access set to false to maintain security compliance. The company must also put the data plane in private subnets. However, the company has received error notifications because the node cannot join the cluster.
Which solution will allow the node to join the cluster?
A. Grant the required permission in AWS Identity and Access Management (IAM) to the AmazonEKSNodeRole IAM role.
B. Create interface VPC endpoints to allow nodes to access the control plane.
C. Recreate nodes in the public subnet. Restrict security groups for EC2 nodes.
D. Allow outbound traffic in the security group of the nodes.
Comments (5)
- Selected answer: B
By creating interface VPC endpoints, you can enable the necessary communication between the Amazon EKS control plane and the nodes in private subnets. This solution ensures that the control plane maintains endpoint private access (set to true) and endpoint public access (set to false) for security compliance.
👍 4 LONGMEN 2023/05/19
- Selected answer: B
b for me
👍 2 nosense 2023/05/17
- Selected answer: A
Check this: https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html
Also, EKS does not require VPC endpoints. This is not the right use case for EKS.
👍 2 y0 2023/05/22