Regional KMS keys

  • chris42356

    Member
    January 12, 2022 at 8:15 pm

    I think this answer is now wrong because of: https://aws.amazon.com/about-aws/whats-new/2021/06/kms-multi-region-keys/

    An application hosted in an Amazon ECS Cluster is using an Amazon RDS database instance encrypted at rest with AWS Key Management Service (KMS). To improve data resiliency, the Security Administrator must create a cross-region read replica of the database instance in another AWS Region.

    What should the Administrator do to complete this task?

    Hence, the correct answer is: Set up a new CMK in the other region using AWS KMS. Create the encrypted read replica in another AWS Region by specifying the key identifier of the newly created CMK in the other Region.


    The option that says: Create the encrypted read replica in another AWS Region by specifying the key identifier of the current CMK in the source Region is incorrect because the keys generated by AWS KMS are only stored and used in the region in which they were created. You can’t specify the key identifier of the current CMK in the source Region if you are creating a new read replica in another AWS Region.

  • Carlo-TutorialsDojo

    Administrator
    January 19, 2022 at 7:02 pm

    Hello chris42356,

    Thanks for your feedback.

    Yes. With KMS’s new multi-region key support, this question is now obsolete.

    We will be replacing this item with a new one.

    Let me know if you have further questions.

    Regards,

    Carlo @ Tutorials Dojo
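
The key-region constraint discussed in this thread can be checked before a cross-region encrypted read replica is requested. The Python check below is an added example, not part of either post and not Tutorials Dojo or AWS code; the function names are hypothetical and the ARNs are constructed sample values. It relies on multi-Region key IDs starting with `mrk-`.

```python
# Added example: preflight check for the KMS key given to a cross-region
# encrypted RDS read replica. Function names are hypothetical; the ARNs
# below are constructed sample values, not real keys.
from typing import NamedTuple, Tuple


class KeyArn(NamedTuple):
    region: str
    account: str
    key_id: str


def parse_kms_key_arn(arn: str) -> KeyArn:
    """Split arn:<partition>:kms:<region>:<account>:key/<key-id>."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms":
        raise ValueError(f"not a KMS ARN: {arn!r}")
    rtype, _, key_id = parts[5].partition("/")
    # An alias ARN does not tell us which kind of key it resolves to.
    if rtype != "key" or not key_id or not parts[3]:
        raise ValueError(f"expected a key ARN with a region: {arn!r}")
    return KeyArn(parts[3], parts[4], key_id)


def check_replica_key(key_arn: str, dest_region: str) -> Tuple[bool, str]:
    """Return (usable, advice) for the key passed when creating the replica."""
    key = parse_kms_key_arn(key_arn)
    multi_region = key.key_id.startswith("mrk-")  # multi-Region key ID prefix
    if key.region == dest_region:
        kind = "multi-Region" if multi_region else "single-Region"
        return True, f"{kind} key is in {dest_region}; usable for the replica"
    if multi_region:
        # Multi-Region keys still need a replica key in the destination Region.
        return False, (f"replicate {key.key_id} into {dest_region} "
                       "and pass that replica key's ARN")
    return False, f"create a new key in {dest_region} and pass its identifier"


# Constructed sample ARNs (source Region us-east-1, destination us-west-2).
SRC_KEY = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SRC_MRK = "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"
DST_KEY = "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"

if __name__ == "__main__":
    for arn in (SRC_KEY, SRC_MRK, DST_KEY):
        print(check_replica_key(arn, "us-west-2"))
```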
