ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 319 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 319
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company is using Amazon Elastic Kubernetes Service (Amazon EKS) to run its applications. The EKS cluster is successfully running multiple pods. The company stores the pod images in Amazon Elastic Container Registry (Amazon ECR).

The company needs to configure Pod Identity access for the EKS cluster. The company has already updated the node IAM role by using the permissions for Pod Identity access.

Which solution will meet these requirements?

  • A. Create an IAM OpenID Connect (OIDC) provider for the EKS cluster.
  • B. Ensure that the nodes can reach the EKS Auth API. Add and configure the EKS Pod Identity Agent add-on for the EKS cluster.
  • C. Create an EKS access entry that uses the API_AND-CONFIG_MAP cluster authentication mode.
  • D. Configure the AWS Security Token Service (AWS STS) endpoint for the Kubernetes service account that the pods in the EKS cluster use.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by uncledana at Nov. 18, 2024, 10:51 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Srikantha
3 months ago
Selected Answer: B
The company wants to configure EKS Pod Identity (a newer and simpler alternative to IAM Roles for Service Accounts / IRSA). Since they already updated the node IAM role to allow Pod Identity access, the next essential step is to: Install the EKS Pod Identity Agent add-on to the cluster. Ensure that the nodes can reach the EKS Auth API, which the agent uses to request temporary credentials. This is exactly what Option B outlines.
upvoted 1 times
...
CHRIS12722222
6 months, 1 week ago
Selected Answer: B
Question is not talking about IRSA Pod identities do not need OIDC
upvoted 3 times
...
tubtab
6 months, 2 weeks ago
Selected Answer: B
IT BBBB
upvoted 2 times
...
gildzeee
6 months, 2 weeks ago
Selected Answer: B
question doesnt state the pods are using irsa so the eks addon should work just fine with pod identity
upvoted 2 times
...
teo2157
6 months, 3 weeks ago
Selected Answer: A
It's A based on this: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
upvoted 1 times
...
pma17
7 months ago
Selected Answer: B
Pod Identity is a "new" way to provide Pod access to AWS services and does not rely on OIDC. Instead you have to setup the EKS Pod Identity Agent and must ensure kubernetes nodes can reach the EKS Auth API endpoint. https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html
upvoted 3 times
...
f4b18ba
7 months, 2 weeks ago
Selected Answer: A
This is the necessary first step to set up IRSA. Without the IAM OIDC provider, IAM cannot trust tokens from the EKS cluster, and service accounts cannot assume IAM roles. Enables the establishment of trust between Kubernetes service accounts and IAM roles, allowing pods to securely access AWS resources.
upvoted 1 times
CHRIS12722222
6 months, 1 week ago
Question is not talking about IRSA Pod identities do not need OIDC
upvoted 1 times
...
...
uncledana
7 months, 3 weeks ago
The best and most accurate solution is A. Create an IAM OpenID Connect (OIDC) provider for the EKS cluster.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel