
Answer-first summary for fast verification
Answer: Attach an IAM role to the EKS worker nodes. Grant the IAM role access to DynamoDB. Use the IAM role to set up IAM roles for service accounts (IRSA) functionality.
Option B is CORRECT because using IAM Roles for Service Accounts (IRSA) allows EKS pods to securely access AWS services like DynamoDB without embedding credentials. By attaching an IAM role to the EKS service account and configuring the required policies, the application containers can securely access the DynamoDB table, following AWS best practices for credential management.
Author: Ritesh Yadav
Question 37/58
A company is building a data stream processing application. The application runs in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The application stores processed data in an Amazon DynamoDB table.
The company needs the application containers in the EKS cluster to have secure access to the DynamoDB table. The company does not want to embed AWS credentials in the containers.
Which solution will meet these requirements?
A
Store the AWS credentials in an Amazon S3 bucket. Grant the EKS containers access to the S3 bucket to retrieve the credentials.
B
Attach an IAM role to the EKS worker nodes. Grant the IAM role access to DynamoDB. Use the IAM role to set up IAM roles for service accounts (IRSA) functionality.
C
Create an IAM user that has an access key to access the DynamoDB table. Use environment variables in the EKS containers to store the IAM user access key data.
D
Create an IAM user that has an access key to access the DynamoDB table. Use Kubernetes secrets that are mounted in a volume of the EKS cluster nodes to store the user access key data.