A company is setting up an Amazon EKS cluster for a digital media streaming app, using managed node groups with Amazon EBS for storage. They require data at rest encryption using a customer-managed AWS KMS key with minimal operational overhead. Which two actions meet this requirement?

Exam-Like

Explanation:

The correct answers are C and D. Option C, 'Set EBS encryption as the default in the AWS Region, using the customer-managed key,' reduces operational overhead by ensuring all new EBS volumes are automatically encrypted with the customer-managed key. Option D, 'Create an EKS cluster with an IAM role allowing access to the customer-managed key,' ensures that the EKS cluster can use the customer-managed key without additional steps. These options together meet the requirement with minimal operational overhead.

Powered ByGPT-5

AWS Certified Solutions Architect - Associate

Get started today

AWS Certified Solutions Architect - Associate

Get started today

A company is setting up an Amazon EKS cluster for a digital media streaming app, using managed node groups with Amazon EBS for storage. They require data at rest encryption using a customer-managed AWS KMS key with minimal operational overhead. Which two actions meet this requirement?