
Answer-first summary for fast verification
Answer: Create a database snapshot. Add the acquiring company’s AWS account to the KMS key policy. Share the snapshot with the acquiring company’s AWS account.
## Explanation

**Correct Answer: B**

When sharing encrypted Amazon Aurora database snapshots between AWS accounts, the target account must have access to the KMS key used to encrypt the snapshot. Here's why option B is correct:

1. **Database snapshots inherit encryption**: When you create a snapshot of an encrypted Aurora database, the snapshot is also encrypted with the same KMS key.
2. **KMS key access is required**: For another AWS account to access and restore an encrypted snapshot, that account must have permission to use the KMS key that encrypted the snapshot.
3. **Key policy modification**: Adding the acquiring company's AWS account to the KMS key policy grants them the necessary permissions to use the key for cryptographic operations.
4. **Snapshot sharing**: After modifying the key policy, you can share the snapshot with the target AWS account using the AWS Management Console, CLI, or API.

**Why other options are incorrect**:

- **Option A**: Creating an unencrypted snapshot would remove encryption, which violates security requirements for confidential data.
- **Option C**: Using a different KMS key would require re-encryption and doesn't address the core issue of key access. Also, key aliases are not used for cross-account access control.
- **Option D**: Downloading and uploading to S3 is inefficient, introduces security risks during transfer, and doesn't preserve the database snapshot format that can be directly restored to Aurora.

**Best Practice**: Always maintain encryption for confidential data and properly manage KMS key policies for cross-account sharing scenarios.
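The key policy change and snapshot share from steps 3 and 4, as an added boto3 example that is not part of the original page. The account IDs, `Sid` names and function names are assumptions for illustration; the KMS action list and the `kms:GrantIsForAWSResource` condition follow AWS's documented key policy for sharing encrypted snapshots.

```python
import json

# KMS actions AWS documents for cross-account use of a snapshot's key.
USE_ACTIONS = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
               "kms:GenerateDataKey*", "kms:DescribeKey"]
GRANT_ACTIONS = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]
# Constructed sample key policy (owner account ID is a placeholder).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EnableOwner", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}


def add_account_to_key_policy(policy, account_id):
    """Return a copy of the key policy that lets account_id use the key."""
    principal = {"AWS": f"arn:aws:iam::{account_id}:root"}
    new = [
        {"Sid": f"AllowUse{account_id}", "Effect": "Allow",
         "Principal": principal, "Action": USE_ACTIONS, "Resource": "*"},
        {"Sid": f"AllowGrants{account_id}", "Effect": "Allow",
         "Principal": principal, "Action": GRANT_ACTIONS, "Resource": "*",
         # Grant calls only when an AWS service (RDS) makes them for the account.
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
    ]
    sids = {s["Sid"] for s in new}
    # Drop earlier copies of these statements so re-runs stay idempotent.
    kept = [s for s in policy.get("Statement", []) if s.get("Sid") not in sids]
    return {**policy, "Statement": kept + new}


def share_encrypted_snapshot(cluster_id, snapshot_id, key_id, account_id,
                             region="ap-southeast-3"):
    """Snapshot the cluster, extend the key policy, share the snapshot."""
    import boto3  # local import: the policy helper needs no AWS access
    kms = boto3.client("kms", region_name=region)
    rds = boto3.client("rds", region_name=region)
    rds.create_db_cluster_snapshot(DBClusterIdentifier=cluster_id,
                                   DBClusterSnapshotIdentifier=snapshot_id)
    rds.get_waiter("db_cluster_snapshot_available").wait(
        DBClusterSnapshotIdentifier=snapshot_id)
    current = json.loads(
        kms.get_key_policy(KeyId=key_id, PolicyName="default")["Policy"])
    kms.put_key_policy(
        KeyId=key_id, PolicyName="default",
        Policy=json.dumps(add_account_to_key_policy(current, account_id)))
    # "restore" lists the accounts allowed to copy or restore the snapshot.
    rds.modify_db_cluster_snapshot_attribute(
        DBClusterSnapshotIdentifier=snapshot_id,
        AttributeName="restore", ValuesToAdd=[account_id])
```

The key policy only delegates to the acquiring account; that account still needs its own IAM policies allowing these KMS actions for whoever copies or restores the snapshot.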
Author: LeetQuiz Editorial Team
A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region. The database is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The company was recently acquired and must securely share a backup of the database with the acquiring company's AWS account in ap-southeast-3.
What should a solutions architect do to meet these requirements?
- **A.** Create a database snapshot. Copy the snapshot to a new unencrypted snapshot. Share the new snapshot with the acquiring company’s AWS account.
- **B.** Create a database snapshot. Add the acquiring company’s AWS account to the KMS key policy. Share the snapshot with the acquiring company’s AWS account.
- **C.** Create a database snapshot that uses a different AWS managed KMS key. Add the acquiring company’s AWS account to the KMS key alias. Share the snapshot with the acquiring company’s AWS account.
- **D.** Create a database snapshot. Download the database snapshot. Upload the database snapshot to an Amazon S3 bucket. Update the S3 bucket policy to allow access from the acquiring company’s AWS account.