AWS eks documentation change
Summary
Updated two documentation links: removed markdown formatting for EFS access points and Kubernetes secrets URLs, converting them to plaintext URLs.
Security assessment
Changes are purely cosmetic (URL formatting). No modifications to security-related content about encryption, secrets management, or access controls. The documentation still describes existing security features without adding new security information.
Diff
diff --git a/eks/latest/best-practices/data-encryption-and-secrets-management.md b/eks/latest/best-practices/data-encryption-and-secrets-management.md index 06d9e885e..b649850e1 100644 --- a//eks/latest/best-practices/data-encryption-and-secrets-management.md +++ b//eks/latest/best-practices/data-encryption-and-secrets-management.md @@ -60 +60 @@ Configure KMS to automatically rotate your CMKs. This will rotate your keys once -If you have shared datasets with different POSIX file permissions or want to restrict access to part of the shared file system by creating different mount points, consider using EFS access points. To learn more about working with access points, see <https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html>. Today, if you want to use an access point (AP) you’ll need to reference the AP in the PV’s `volumeHandle` parameter. +If you have shared datasets with different POSIX file permissions or want to restrict access to part of the shared file system by creating different mount points, consider using EFS access points. To learn more about working with access points, see https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html. Today, if you want to use an access point (AP) you’ll need to reference the AP in the PV’s `volumeHandle` parameter. @@ -68 +68 @@ As of March 23, 2021 the EFS CSI driver supports dynamic provisioning of EFS Acc -Kubernetes secrets are used to store sensitive information, such as user certificates, passwords, or API keys. They are persisted in etcd as base64 encoded strings. On EKS, the EBS volumes for etcd nodes are encrypted with [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). A pod can retrieve a Kubernetes secrets objects by referencing the secret in the `podSpec`. These secrets can either be mapped to an environment variable or mounted as volume. For additional information on creating secrets, see [https://kubernetes.io/docs/concepts/configuration/secret/](https://kubernetes.io/docs/concepts/configuration/secret/). +Kubernetes secrets are used to store sensitive information, such as user certificates, passwords, or API keys. They are persisted in etcd as base64 encoded strings. On EKS, the EBS volumes for etcd nodes are encrypted with [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). A pod can retrieve a Kubernetes secrets objects by referencing the secret in the `podSpec`. These secrets can either be mapped to an environment variable or mounted as volume. For additional information on creating secrets, see https://kubernetes.io/docs/concepts/configuration/secret/.