
Explanation:
Establishing a shared AWS KMS key in a separate security account and granting both source and destination accounts access via IAM roles ensures secure and controlled access to encrypted data across account boundaries.
Your company is subject to strict data protection laws and requires a solution to encrypt data across AWS account boundaries. Describe the process you would follow to set up cross-account encryption using AWS KMS, including key policy configurations and IAM role permissions.
A. Create a new AWS KMS key in the destination account and grant the source account permissions via the key policy.
B. Use AWS CloudFormation to replicate the encryption setup from the source account to the destination account.
C. Establish a shared AWS KMS key in a separate security account and grant both source and destination accounts access via IAM roles.
D. Encrypt data in the source account using AWS KMS and manually transfer the encrypted data to the destination account.