Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 223 discussion

After seeing D, I didn't even look at option E. its AD correct

B: Wrong, cannot be a user for EKS C: Not possible as NACL need destination CIDR/ports etc. This is not correct way to connect to DynamoDB E: Not secure AD is correct because you need roles for allowing service permissions and accessing DynamoDB with VPC endpoint is the correct way

The application needs to write data to an Amazon DynamoDB table = Attach an IAM role that has write privileges to the EKS pod Without exposing traffic to the internet = VPC endpoint for DynamoDB

The application needs to write data to an Amazon DynamoDB table = Attach an IAM role that has write privileges to the EKS pod Without exposing traffic to the internet = VPC endpoint for DynamoDB

A. By attaching an IAM role to the EKS pod, you can grant the necessary permissions for the pod to access DynamoDB. The IAM role should have appropriate policies allowing access to the DynamoDB table. D. Creating a VPC endpoint for DynamoDB allows the EKS pod to access DynamoDB privately within the VPC, without the need for internet connectivity. The VPC endpoint provides a direct and secure connection to DynamoDB, eliminating the need for traffic to flow over the internet.

A. By attaching an IAM role to the EKS pod, you can grant the necessary permissions for the pod to access DynamoDB. The IAM role should have appropriate policies allowing access to the DynamoDB table. D. Creating a VPC endpoint for DynamoDB allows the EKS pod to access DynamoDB privately within the VPC, without the need for internet connectivity. The VPC endpoint provides a direct and secure connection to DynamoDB, eliminating the need for traffic to flow over the internet. B is incorrect because attaching an IAM user to the pod is not a recommended approach. IAM users are meant for accessing AWS services through the AWS Management Console or AP. C is incorrect because configuring outbound connectivity through network ACLs would not provide a secure and direct connection to DynamoDB. E is incorrect because embedding access keys in the code is not a recommended security practice. It can lead to potential security vulnerabilities. It is better to use IAM roles or other secure mechanisms for providing access to AWS services.

A & D options fulfill the requirements.

Definitely

A D are the correct options

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-adds-support-to-assign-iam-permissions-to-kubernetes-service-accounts/

A, D is the correct answer.

The correct answer is A,D