1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
As described in the following AWS blog, Customer Managed key is used to encrypt the backup vault.
Cross-accounting can be set up by sharing that Customer Managed key with the destination account.
https://aws.amazon.com/jp/blogs/storage/protecting-encrypted-amazon-rds-instances-with-cross-account-and-cross-region-backups/
関連するコンテンツ
- AWS公式更新しました 1年前
- AWS公式更新しました 1年前
The issue is that the customer has 31 days of RDS snapshots encrypted with AWS Managed Key and need to convert them to snapshots encrypted with Customer Managed Key before to copy them to the destination account in order to avoid losing any previous backup (retention policy for this customer is 31 days). The customer is asking for the recommended procedure to make conversion and copy to the destination account.
It would be a good idea to include a setting to copy from the existing backup vault to a backup vault encrypted with a customer-managed key, and from there to other accounts.