When creating a KMS key for encrypting Kubernetes secrets, the roles assigned to the administrative and usage permissions determine who is allowed to perform certain actions on the key.
For the administrative permissions, you should choose the role that will be responsible for managing the key, such as creating, modifying, or deleting it. This role should typically be assigned to a user or group within your organisation that has the necessary privileges for managing KMS keys.
For the usage permissions, you should choose the role that will be used to perform the encryption and decryption operations on the key. In the case of Kubernetes secrets, this role should be assigned to the worker nodes that run the containers in your cluster. You can do this by granting the necessary permissions to the worker node IAM role.
Ref: https://archive.eksworkshop.com/beginner/191_secrets
https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth
https://aws.github.io/aws-eks-best-practices/security/docs/data/
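An added example, not part of the answer above and not AWS code: a small linter that reads a KMS key policy and reports principals holding both administrative and usage permissions, the two roles the answer distinguishes. The account ID, role names and sample policy are constructed placeholders; conditions, `NotAction` and `Deny` statements are not evaluated.

```python
from fnmatch import fnmatchcase

# Representative KMS actions used as probes for each permission class.
ADMIN_PROBES = ["kms:PutKeyPolicy", "kms:ScheduleKeyDeletion", "kms:DisableKey"]
USAGE_PROBES = ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants(patterns, probes):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatchcase(probe.lower(), pat.lower())
               for pat in patterns for probe in probes)

def classify(policy):
    """Map each AWS principal to the classes its Allow statements grant.
    Conditions, NotAction and Deny statements are not evaluated."""
    result = {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        actions = _as_list(stmt["Action"])
        for name in names:
            classes = result.setdefault(name, set())
            if _grants(actions, ADMIN_PROBES):
                classes.add("admin")
            if _grants(actions, USAGE_PROBES):
                classes.add("usage")
    return result

def principals_with_both(policy):
    """Principals that can both administer the key and use it for crypto."""
    return sorted(p for p, c in classify(policy).items() if c == {"admin", "usage"})

# Constructed sample: account ID 111122223333 and role names are placeholders.
ARN = "arn:aws:iam::111122223333:"
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ARN + "root"},
     "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": ARN + "role/ExampleKeyAdmin"},
     "Action": ["kms:Put*", "kms:Disable*", "kms:ScheduleKeyDeletion"], "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": [ARN + "role/ExampleKeyUser",
                                              ARN + "role/ExampleKeyAdmin"]},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"},
]}
```

On the sample, `principals_with_both(SAMPLE)` flags the account root (through `kms:*`) and `ExampleKeyAdmin`, which was also listed in the usage statement.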