Your company is expanding its operations to a new country and needs to configure encryption across AWS account boundaries to ensure data security. Describe the process you would follow to set up cross-account encryption using AWS KMS, including key policy configurations and IAM role permissions.

Simulated

Create a new AWS KMS key in the destination account and grant the source account permissions via the key policy.

12.5%

Use AWS CloudFormation to replicate the encryption setup from the source account to the destination account.

12.5%

Establish a shared AWS KMS key in a separate security account and grant both source and destination accounts access via IAM roles.

68.8%

Encrypt data in the source account using AWS KMS and manually transfer the encrypted data to the destination account.

6.3%

AWS Certified Data Engineer - Associate