Reply To: Content Issue: etcd encryption in EKS
Hello Arun Nalpet,
We appreciate your attention to detail and the effort you put into bringing this content issue to light.
Yes, you are correct in identifying that “Enable secret encryption with a new AWS KMS key on an existing Amazon EKS cluster to encrypt sensitive data stored in the EKS cluster’s etcd key-value store” is indeed the right answer to the question regarding the secure storage of sensitive configuration data and credentials within an Amazon EKS cluster.
This approach uses AWS Key Management Service (AWS KMS) to encrypt sensitive data, such as database passwords and API keys, stored within the etcd key-value store of an Amazon EKS cluster. Enabling secrets encryption with an AWS KMS key enhances the security of the data at rest by ensuring that all sensitive information stored in the etcd database is encrypted. This not only adheres to best practices for data security within Kubernetes clusters but also utilizes the robust and flexible encryption capabilities provided by AWS KMS.
We will make the necessary updates to the practice exam to reflect the correct answer. Thank you!
Regards,
Nikee @ Tutorials Dojo
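
An added example, not part of the reply above or of the practice exam: a check over the JSON returned by `aws eks describe-cluster` that confirms a KMS key is configured for Kubernetes secrets and that the key is in the cluster's Region. The function name, cluster names, account ID and key IDs are constructed for illustration.

```python
import json

def audit_secrets_encryption(describe_cluster_json):
    """Return (ok, findings) for one `aws eks describe-cluster` response."""
    cluster = json.loads(describe_cluster_json)["cluster"]
    # Cluster ARN layout: arn:aws:eks:<region>:<account>:cluster/<name>
    cluster_region = cluster["arn"].split(":")[3]
    findings = []

    # encryptionConfig is absent when secrets encryption was never enabled.
    configs = [c for c in cluster.get("encryptionConfig", [])
               if "secrets" in c.get("resources", [])]
    if not configs:
        return False, ["no encryptionConfig entry covers 'secrets'"]

    for cfg in configs:
        key = cfg.get("provider", {}).get("keyArn", "")
        parts = key.split(":")
        if len(parts) < 6 or parts[0] != "arn" or parts[2] != "kms":
            findings.append(f"keyArn {key!r} is not a KMS key ARN; region not checked")
        elif parts[3] != cluster_region:
            # EKS requires the KMS key to be in the same Region as the cluster.
            findings.append(f"key region {parts[3]} != cluster region {cluster_region}")
    return not findings, findings

def _sample(name, region, encryption_config=None):
    """Build a constructed describe-cluster response (sample data only)."""
    cluster = {"name": name,
               "arn": f"arn:aws:eks:{region}:111122223333:cluster/{name}"}
    if encryption_config is not None:
        cluster["encryptionConfig"] = encryption_config
    return json.dumps({"cluster": cluster})

def _cfg(key_region):
    key = f"arn:aws:kms:{key_region}:111122223333:key/EXAMPLE-KEY-ID"
    return [{"resources": ["secrets"], "provider": {"keyArn": key}}]

SAMPLES = {
    "encrypted": _sample("prod", "us-east-1", _cfg("us-east-1")),
    "unencrypted": _sample("dev", "us-east-1"),
    "wrong-region-key": _sample("stage", "us-east-1", _cfg("eu-west-1")),
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        ok, findings = audit_secrets_encryption(doc)
        print(label, "OK" if ok else "FAIL", findings)
```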