A company is designing a CI/CD pipeline for a microservices application deployed on Amazon EKS. The pipeline must support automated canary deployments, rollback capabilities, and integration with AWS Key Management Service (KMS) for secret management. Which combination of AWS services and tools should the architect use? (Select TWO)

Identify the best practices for EKS deployments and secret management.

What mistakes do candidates make on this AWS SAP-C02 question?

Selecting CodeDeploy, assuming it supports EKS natively.

A.

Use AWS CodeDeploy to manage canary deployments directly to EKS pods.

B.

Use AWS CodePipeline with AWS CodeBuild for CI, and integrate with an open-source tool like ArgoCD or Flux for GitOps-based EKS deployments.

C.

Store secrets in AWS Systems Manager Parameter Store and mount them using EFS.

D.

Store secrets in AWS Secrets Manager encrypted with KMS, and use the Secrets Store CSI Driver to mount them in EKS pods.

E.

Use AWS Elastic Beanstalk to manage the EKS cluster deployments.

F.

Use AWS CloudFormation to perform canary deployments of Kubernetes manifests.