AWS Certified Solutions Architect – Associate (SAA-C03) — Question 902

A company is migrating an application from an on-premises location to Amazon Elastic Kubernetes Service (Amazon EKS). The company must use a custom subnet for pods that are in the company's VPC to comply with requirements. The company also needs to ensure that the pods can communicate securely within the pods' VPC.

Which solution will meet these requirements?

Answer options

• A. Configure AWS Transit Gateway to directly manage custom subnet configurations for the pods in Amazon EKS.
• B. Create an AWS Direct Connect connection from the company's on-premises IP address ranges to the EKS pods.
• C. Use the Amazon VPC CNI plugin for Kubernetes. Define custom subnets in the VPC cluster for the pods to use.
• D. Implement a Kubernetes network policy that has pod anti-affinity rules to restrict pod placement to specific nodes that are within custom subnets.

Correct answer: C

Explanation

The Amazon VPC CNI plugin for Kubernetes supports custom networking, enabling pods to be assigned IP addresses from a specific custom subnet separate from the EC2 worker nodes. Neither AWS Transit Gateway nor AWS Direct Connect can manage pod-level IP assignment within an EKS cluster. Kubernetes network policies with anti-affinity rules control traffic and pod placement, but they cannot configure custom VPC subnets for pod IP allocation.