When creating a KMS key for encrypting Kubernetes secrets, the roles assigned to the administrative and usage permissions determine who is allowed to perform certain actions on the key.
For the administrative permissions, you should choose the role that will be responsible for managing the key, such as creating, modifying, or deleting it. This role should typically be assigned to a user or group within your organisation that has the necessary privileges for managing KMS keys.
For the usage permissions, you should choose the role that will be used to perform the encryption and decryption operations on the key. In the case of Kubernetes secrets, this role should be assigned to the worker nodes that run the containers in your cluster. You can do this by granting the necessary permissions to the worker node IAM role.
Ref: https://archive.eksworkshop.com/beginner/191_secrets
https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth
https://aws.github.io/aws-eks-best-practices/security/docs/data/