Topic 1 Question 613
A company uses Amazon Elastic Kubernetes Service (Amazon EKS) to run a container application. The EKS cluster stores sensitive information in the Kubernetes secrets object. The company wants to ensure that the information is encrypted.
Which solution will meet these requirements with the LEAST operational overhead?
Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).
Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).
Implement an AWS Lambda function to encrypt the information by using AWS Key Management Service (AWS KMS).
Use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).
ユーザの投票
コメント(7)
- 正解だと思う選択肢: B
EKS supports encrypting Kubernetes secrets at the cluster level using AWS KMS keys. This provides an automated way to encrypt secrets. Enabling this feature requires minimal configuration changes to the EKS cluster and no code changes. Other options like using Lambda functions or modifying the application code to encrypt secrets require additional development effort and overhead. Systems Manager Parameter Store could store encrypted parameters but does not natively integrate with EKS to encrypt Kubernetes secrets. The EKS secrets encryption feature leverages AWS KMS without the need to directly call KMS APIs from the application.
👍 6Guru4Cloud2023/09/23 - 正解だと思う選択肢: B
Enabling secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS) is the least operationally overhead way to encrypt the sensitive information in the Kubernetes secrets object.
When you enable secrets encryption in the EKS cluster, AWS KMS encrypts the secrets before they are stored in the EKS cluster. You do not need to make any changes to your container application or implement any additional Lambda functions.
👍 2nnecode2023/09/22 - 正解だと思う選択肢: B
Use KMS. Enable secrets encryption in KMS.
👍 2taustin22023/09/22
シャッフルモード