A company is using an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The company must ensure that Kubernetes service accounts in the EKS cluster have secure and granular access to specific AWS resources by using IAM roles for service accounts (IRSA). Which combination of solutions will meet these requirements? (Choose two.) A. Create an IAM policy that defines the required permissions Attach the policy directly to the IAM role of the EKS nodes. B. Implement network policies within the EKS cluster to prevent Kubernetes service accounts from accessing specific AWS services. C. Modify the EKS cluster's IAM role to include permissions for each Kubernetes service account. Ensure a one-to-one mapping between IAM roles and Kubernetes roles. D. Define an IAM role that includes the necessary permissions. Annotate the Kubernetes service accounts with the Amazon ResourceName (ARN) of the IAM role. E. Set up a trust relationship between the IAM roles for the service accounts and an OpenID Connect (OIDC) identity provider. Â Suggested Answer: DE Community Answer: DE This question is in SAA-C03 exam For getting AWS Certified Solutions Architect Associate Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.
Please login or Register to submit your answer