Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Associate Content Issue: etcd encryption in EKS

Tagged: ,

  • Content Issue: etcd encryption in EKS

  • Arun Nalpet

    March 1, 2024 at 3:10 pm

    I am going through the Solution Architect Associate practice exam. And I see there is a content issue.

    For one of the questions, the wrong answer is displayed as the right one.

    Please find the attached screenshot of the issue, and the question being asked.

    Here are more details about each service, and how EKS uses it.

    Secrets Manager:

    • “AWS Secrets Manager” will not be dealing with etc key-value store in any way.
    • “AWS
      Secrets Manager” uses “Kubernetes Secret Store CSI Driver”, and this
      will not interfere with etcd store in any way. The secrets from “Secrets
      Manager” will be fetched, decrypted, and mounted as volumes within
      pods. Here are references for the same:

    Amazon EKS Secrets Encryption:

    • This will encrypt all the sensitive information stored within EKS’s etcd backend using the KMS Key.

    Based on this, for the question that’s asked, the right answer for the question should be “Enable secret encryption with KMS key

  • Arun Nalpet

    March 1, 2024 at 3:12 pm

    Here is the screenshot again.

  • Nikee-TutorialsDojo

    March 4, 2024 at 8:27 am

    Hello Arun Nalpet,

    We appreciate your attention to detail and the effort you put into bringing this content issue to light.

    Yes, you are correct in identifying that “Enable secret encryption with a new AWS KMS key on an existing Amazon EKS cluster to encrypt sensitive data stored in the EKS cluster’s etcd key-value store” is indeed the right answer to the question regarding the secure storage of sensitive configuration data and credentials within an Amazon EKS cluster.

    This approach is using AWS Key Management Service (AWS KMS) to encrypt sensitive data, such as database passwords and API keys, stored within the etcd key-value store of an Amazon EKS cluster. Enabling secrets encryption with an AWS KMS key enhances the security of the data at rest by ensuring that all sensitive information stored in the etcd database is encrypted. This not only adheres to best practices for data security within Kubernetes clusters but also utilizes the robust and flexible encryption capabilities provided by AWS KMS.

    We will make the necessary updates to the practice exam to reflect the correct answer. Thank you!


    Nikee @ Tutorials Dojo

Viewing 1 - 3 of 3 replies

Log in to reply.

Original Post
0 of 0 posts June 2018