Your company is subject to strict data protection laws and requires a solution to encrypt data across AWS account boundaries. Describe the process you would follow to set up cross-account encryption using AWS KMS, including key policy configurations and IAM role permissions.

Simulated

Create a new AWS KMS key in the destination account and grant the source account permissions via the key policy.

10.0%

Use AWS CloudFormation to replicate the encryption setup from the source account to the destination account.

10.0%

Establish a shared AWS KMS key in a separate security account and grant both source and destination accounts access via IAM roles.

70.0%

Encrypt data in the source account using AWS KMS and manually transfer the encrypted data to the destination account.

10.0%

AWS Certified Data Engineer - Associate