Answer-first summary for fast verification
Answer: Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).
## Explanation **Correct Answer: B - Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).** ### Why Option B is Correct: 1. **Native EKS Feature**: Amazon EKS provides native support for encrypting Kubernetes secrets using AWS KMS. This is a built-in feature that requires minimal operational overhead. 2. **Automatic Encryption**: When you enable secrets encryption in EKS, all Kubernetes secrets stored in etcd are automatically encrypted at rest using the specified KMS key. 3. **Least Operational Overhead**: This solution requires only configuration changes during cluster creation or update, without needing to modify applications, write custom code, or manage additional services. ### Why Other Options are Incorrect: **A. Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).** - This requires modifying the application code to handle encryption/decryption - Increases development and maintenance overhead - Not transparent to the application **C. Implement an AWS Lambda function to encrypt the information by using AWS Key Management Service (AWS KMS).** - Requires building and maintaining a separate Lambda function - Adds complexity with event triggers and error handling - Not a native Kubernetes solution **D. Use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).** - Requires storing secrets outside of Kubernetes - Applications need to be modified to retrieve secrets from Parameter Store - Adds complexity with IAM permissions and secret management ### Key Points: - EKS secrets encryption with KMS is a managed service feature - Encryption happens transparently at the etcd level - No application changes required - Meets security requirements with minimal operational effort - Supports both symmetric and asymmetric KMS keys This solution aligns with AWS best practices for securing sensitive data in EKS clusters while minimizing operational complexity.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company uses Amazon Elastic Kubernetes Service (Amazon EKS) to run a container application. The EKS cluster stores sensitive information in the Kubernetes secrets object. The company wants to ensure that the information is encrypted. Which solution will meet these requirements with the LEAST operational overhead?
A
Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).
B
Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).
C
Implement an AWS Lambda function to encrypt the information by using AWS Key Management Service (AWS KMS).
D
Use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).