AWS Security ChangesHomeSearch

AWS prescriptive-guidance medium security documentation change

Service: prescriptive-guidance · 2025-06-19 · Security-related medium

File: prescriptive-guidance/latest/encryption-best-practices/eks.md

Summary

Added recommendation to use Secrets Manager CSI Driver to mitigate data leaks and note about AWS Fargate unsupported

Security assessment

Introduces security documentation about mitigating data leaks via environment variables using Secrets Manager CSI Driver, directly addressing secure secret management.

Diff

diff --git a/prescriptive-guidance/latest/encryption-best-practices/eks.md b/prescriptive-guidance/latest/encryption-best-practices/eks.md
index b9450ea66..f3920b330 100644
--- a//prescriptive-guidance/latest/encryption-best-practices/eks.md
+++ b//prescriptive-guidance/latest/encryption-best-practices/eks.md
@@ -41,0 +42,6 @@ Consider the following encryption best practices for this service:
+  * To help mitigate the risk of data leaks from environment variables, we recommend you use the [AWS Secrets Manager and Config Provider for Secret Store CSI Driver](https://github.com/aws/secrets-store-csi-driver-provider-aws) (GitHub). This driver allows you to make secrets stored in Secrets Manager and parameters stored in Parameter Store appear as files mounted in Kubernetes pods.
+
+###### Note
+
+AWS Fargate is not supported.
+