- 最新
- 投票最多
- 评论最多
When creating a KMS key for encrypting Kubernetes secrets, the roles assigned to the administrative and usage permissions determine who is allowed to perform certain actions on the key.
For the administrative permissions, you should choose the role that will be responsible for managing the key, such as creating, modifying, or deleting it. This role should typically be assigned to a user or group within your organisation that has the necessary privileges for managing KMS keys.
For the usage permissions, you should choose the role that will be used to perform the encryption and decryption operations on the key. In the case of Kubernetes secrets, this role should be assigned to the worker nodes that run the containers in your cluster. You can do this by granting the necessary permissions to the worker node IAM role.
Ref: https://archive.eksworkshop.com/beginner/191_secrets
https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth
https://aws.github.io/aws-eks-best-practices/security/docs/data/
相关内容
- AWS 官方已更新 3 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 6 个月前