AWS Certified Solutions Architect – Associate (SAA-C03) — Question 990
A company uses Amazon Elastic Kubernetes Service (Amazon EKS) to run a container application. The EKS cluster stores sensitive information in the Kubernetes secrets object. The company wants to ensure that the information is encrypted.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).
- B. Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).
- C. Implement an AWS Lambda function to encrypt the information by using AWS Key Management Service (AWS KMS).
- D. Use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).
Correct answer: B
Explanation
Enabling native KMS secrets encryption in the Amazon EKS cluster configuration is the most efficient solution because it is a built-in feature that requires no application code changes or external infrastructure. Encrypting at the application level, encrypting through a Lambda function, or migrating to Parameter Store would each introduce significant development and management overhead.