Topic 1 Question 941
2 つ選択A company is using an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The company must ensure that Kubernetes service accounts in the EKS cluster have secure and granular access to specific AWS resources by using IAM roles for service accounts (IRSA).
Which combination of solutions will meet these requirements?
Create an IAM policy that defines the required permissions Attach the policy directly to the IAM role of the EKS nodes.
Implement network policies within the EKS cluster to prevent Kubernetes service accounts from accessing specific AWS services.
Modify the EKS cluster's IAM role to include permissions for each Kubernetes service account. Ensure a one-to-one mapping between IAM roles and Kubernetes roles.
Define an IAM role that includes the necessary permissions. Annotate the Kubernetes service accounts with the Amazon ResourceName (ARN) of the IAM role.
Set up a trust relationship between the IAM roles for the service accounts and an OpenID Connect (OIDC) identity provider.
ユーザの投票
コメント(6)
- 👍 4spoved2024/09/27
- 正解だと思う選択肢: DE
chatgpt: D. Define an IAM role that includes the necessary permissions. Annotate the Kubernetes service accounts with the Amazon Resource Name (ARN) of the IAM role:
Granular Access Control: By defining an IAM role with the necessary permissions and annotating the Kubernetes service accounts with the ARN of this IAM role, you can achieve fine-grained access control for specific AWS resources. This allows each service account to have only the permissions it needs. E. Set up a trust relationship between the IAM roles for the service accounts and an OpenID Connect (OIDC) identity provider:
IRSA Integration: To enable IRSA, your EKS cluster must be associated with an OpenID Connect (OIDC) identity provider. This trust relationship allows Kubernetes service accounts to assume IAM roles, enabling secure and granular access to AWS resources.
👍 2[Removed]2024/08/17 - 正解だと思う選択肢: DE👍 2mooondooo2024/09/23
シャッフルモード