AWS_EKS_4
To protect private information and sensitive data, and to secure communication within an Amazon EKS cluster, encryption of Kubernetes secrets must be enabled using AWS Key Management Service (KMS). With envelope encryption in place, an unauthorized person or entity who gains access to the stored data still cannot read it without access to the KMS key.
If you enable secrets encryption, the Kubernetes secrets are encrypted using the AWS KMS key that you select. The KMS key must meet the following conditions:
1 Symmetric
2 Can encrypt and decrypt data
3 Created in the same AWS Region as the cluster
4 If the KMS key was created in a different account, the user must have access to the KMS key.
Note
You can't disable secrets encryption after enabling it. This action is irreversible.
Perform the following to enable secrets encryption on an existing cluster.
From the Console:
1 Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
2 Choose the cluster that you want to add KMS encryption to.
3 Choose the Overview tab (this is selected by default).
4 Scroll down to the Secrets encryption section and choose Enable.
5 Select a key from the dropdown list and choose the Enable button. If no keys are listed, you must create one first.
6 Choose the Confirm button to use the chosen key.
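The console steps above have a CLI equivalent (`aws eks associate-encryption-config`), and the key conditions listed earlier can be checked from the output of `aws eks describe-cluster` and `aws kms describe-key`. The following is an added example, not code from the page or from AWS: it audits a constructed describe-cluster response against those conditions offline and builds the `--encryption-config` argument for the CLI call. All ARNs, account IDs and key IDs are constructed placeholders.

```python
"""Audit an EKS cluster's secrets-encryption configuration (added example).

Evaluates the JSON that `aws eks describe-cluster` returns against the
conditions above (symmetric key, can encrypt/decrypt, same Region,
cross-account access) without calling AWS. Key properties come from
`aws kms describe-key` KeyMetadata; here they are a constructed dict.
"""
import json

# Constructed sample: shape of `aws eks describe-cluster --name demo` output
# for a cluster that already has secrets encryption enabled.
DESCRIBE_CLUSTER_ENCRYPTED = json.dumps({
    "cluster": {
        "name": "demo",
        "arn": "arn:aws:eks:us-east-1:111122223333:cluster/demo",
        "encryptionConfig": [
            {
                "resources": ["secrets"],
                "provider": {
                    "keyArn": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
                },
            }
        ],
    }
})

# Constructed sample: the same cluster before encryption was enabled
# (no encryptionConfig element at all).
DESCRIBE_CLUSTER_PLAIN = json.dumps({
    "cluster": {"name": "demo", "arn": "arn:aws:eks:us-east-1:111122223333:cluster/demo"}
})

# Constructed stand-in for the KeyMetadata fields of `aws kms describe-key`.
KEY_METADATA = {"KeySpec": "SYMMETRIC_DEFAULT", "KeyUsage": "ENCRYPT_DECRYPT"}


def arn_parts(arn):
    """Return (region, account) from a standard AWS ARN (arn:partition:service:region:account:...)."""
    parts = arn.split(":")
    return parts[3], parts[4]


def audit_secrets_encryption(describe_cluster_json, key_metadata):
    """Return a list of findings; an empty list means the control passes."""
    cluster = json.loads(describe_cluster_json)["cluster"]
    cluster_region, cluster_account = arn_parts(cluster["arn"])

    # Only configs that cover the "secrets" resource count for this control.
    configs = [c for c in cluster.get("encryptionConfig", [])
               if "secrets" in c.get("resources", [])]
    if not configs:
        return ["secrets encryption is not enabled"]

    key_arn = configs[0]["provider"]["keyArn"]
    key_region, key_account = arn_parts(key_arn)
    findings = []
    if key_metadata.get("KeySpec") != "SYMMETRIC_DEFAULT":
        findings.append("KMS key is not symmetric")
    if key_metadata.get("KeyUsage") != "ENCRYPT_DECRYPT":
        findings.append("KMS key cannot encrypt and decrypt data")
    if key_region != cluster_region:
        findings.append(f"KMS key is in {key_region} but cluster is in {cluster_region}")
    if key_account != cluster_account:
        # Cross-account keys are allowed, but the key policy must grant access.
        findings.append("KMS key is in another account; its key policy must grant the cluster access")
    return findings


def encryption_config_arg(key_arn):
    """Build the --encryption-config value for `aws eks associate-encryption-config`."""
    return json.dumps([{"resources": ["secrets"], "provider": {"keyArn": key_arn}}])


if __name__ == "__main__":
    print("before:", audit_secrets_encryption(DESCRIBE_CLUSTER_PLAIN, KEY_METADATA))
    print("after: ", audit_secrets_encryption(DESCRIBE_CLUSTER_ENCRYPTED, KEY_METADATA))
    key = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
    print("aws eks associate-encryption-config --cluster-name demo --encryption-config "
          "'" + encryption_config_arg(key) + "'")
```

In practice the two JSON inputs come from `aws eks describe-cluster --name <cluster>` and `aws kms describe-key --key-id <key-arn>`; the audit deliberately treats a missing `encryptionConfig` as a single hard failure, because the other checks are meaningless until a key is associated, and the association itself is irreversible once made.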
References:
https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html