Let's immediately remove C and D as those are clearly not the answer, which of course you're not considering anyways, but I digress.
This question is one of security and access. Although your immediate thought would be to go for an IAM policy, and it would be good to check your policies, if I were in a test I would look at the keywords. Endpoint access is limited to private subnets and denied to any public-facing pings. This tells me I'm probably thinking of a network-based question, and not an identity permission. That doesn't mean we can remove the IAM piece entirely, but I'd be leaning towards B because of that.
Let's look at documentation next. This blog answers our question. You must have an interface endpoint for communication between nodes and other services. More details can be found in the EKS documentation: "Any self-managed nodes must be deployed to subnets that have the VPC interface endpoints that you require."
Finally, IAM permissions are important here. Here's the documentation around IAM roles, which states three roles needed to communicate between the data plane and the control plane. If we go to the automatically created EKS role, AmazonEKSNodeRole, we can see that those three are included. Thus, I can safely say that B is truly the answer.
This is an example of a question that challenges you to determine what the question is actually asking, unless you happen to be an expert on EKS: namely, is it networking or identity? Look for keywords to help you determine what the question is leading you towards. Good luck with your studies!