EKS Cluster secrets encryption should be enabled and use KMS CMKs

eks
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

EKS clusters should use AWS KMS customer-managed keys (CMKs) for envelope encryption of Kubernetes secrets. This allows you to encrypt your secrets with a unique data key, which can be automatically rotated on a recurring schedule.

Remediation

For guidance on configuring EKS cluster secrets encryption, refer to the Encrypt Kubernetes secrets with KMS on existing clusters section of the Amazon EKS User Guide.