Answer-first summary for fast verification
Answer: Take a snapshot; amend the KMS key policy to give access to the migration account's root user; share the snapshot.
To share an encrypted RDS snapshot across accounts with least overhead, take a snapshot of the DB instance, update the KMS key policy to allow the target account's root user to use the key, and then share the snapshot. This allows the migration account to copy the snapshot and restore it using the shared KMS key. Other options involve more steps like creating replicas, new keys, or exporting to S3 which is more complex.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A SysOps administrator wants to share a copy of a production RDS DB instance (encrypted with a KMS key aliased production-rds-key) with a migration account. What must be done with the LEAST administrative overhead?
A
Take a snapshot; amend the KMS key policy to give access to the migration account's root user; share the snapshot.
B
Create an RDS read replica in the migration account; replicate the KMS key to the migration account.
C
Take a snapshot; share it with the migration account; create a new KMS key with an identical alias in the migration account.
D
Export the RDS instance to S3; use a cross-account S3 bucket policy; import the database using native toolsets.
No comments yet.