AWS Backup - copyjob rds snapshot - destination backup kms issue bug

0

Followed this tutorial: https://aws.amazon.com/blogs/storage/protecting-amazon-rds-db-instances-encrypted-using-kms-aws-managed-key-with-cross-account-and-cross-region-backups/

Here is the issue -

When the RDS backup was performed in Region A's vault, it has its KMS customer key. But when it was copied over using the AWS Backup copy job operation into Region B's vault, the backup in destination Region B has Region B's AWS managed RDS key, when it was supposed to have the customer KMS key of Region A's replica (in Region B).

Note: the customer key in Region A is multi-Region and has a replica of it in Region B.

1 Answer
0

When you perform a cross-region copy using AWS Backup, the copied data will be re-encrypted using the customer-managed key associated with the destination vault. For more details, see https://docs.aws.amazon.com/aws-backup/latest/devguide/cross-region-backup.html

If you want to encrypt the copies using a multi-region customer-managed key, you need to ensure that the destination vault is also encrypted with the same KMS key that is used to encrypt the source RDS instance.

AWS
answered 2 years ago
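
A check for the condition the answer describes, as an added example that is not part of the original post or AWS's own code: it compares the destination vault's key with the source key, using dictionaries shaped like the `describe_backup_vault` and `describe_key` responses. The account ID, Regions, vault names and key IDs are constructed, and the function names are hypothetical.

```python
# Added example. Inputs mirror boto3 response shapes; every ARN here is constructed.
SOURCE_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"

# Shaped like backup.describe_backup_vault() output in the destination Region
VAULT_WITH_REPLICA = {"BackupVaultName": "vault-b", "EncryptionKeyArn":
    "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"}
VAULT_WITH_AWS_KEY = {"BackupVaultName": "vault-b-default", "EncryptionKeyArn":
    "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"}

# Shaped like kms.describe_key()["KeyMetadata"] for each vault key
REPLICA_META = {"KeyManager": "CUSTOMER", "MultiRegion": True}
AWS_KEY_META = {"KeyManager": "AWS", "MultiRegion": False}


def parse_kms_arn(arn):
    """Split arn:aws:kms:<region>:<account>:key/<key-id> into its parts."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "kms" or not parts[5].startswith("key/"):
        raise ValueError(f"not a KMS key ARN: {arn!r}")
    return {"region": parts[3], "account": parts[4], "key_id": parts[5][len("key/"):]}


def diagnose_copy_key(source_key_arn, dest_vault, dest_key_metadata):
    """Classify the key a destination vault is encrypted with, relative to the source key."""
    src = parse_kms_arn(source_key_arn)
    dst = parse_kms_arn(dest_vault["EncryptionKeyArn"])
    # The ARN alone does not reveal an AWS managed key; KeyManager from describe_key does.
    if dest_key_metadata.get("KeyManager") == "AWS":
        return "aws-managed-key"
    same_id = dst["key_id"] == src["key_id"] and dst["account"] == src["account"]
    if same_id and dst["region"] == src["region"]:
        return "same-key"
    # Multi-Region keys keep the same mrk- key ID in every Region of one account.
    if same_id and src["key_id"].startswith("mrk-") and dest_key_metadata.get("MultiRegion"):
        return "multi-region-replica"
    return "different-customer-key"


if __name__ == "__main__":
    for vault, meta in ((VAULT_WITH_REPLICA, REPLICA_META), (VAULT_WITH_AWS_KEY, AWS_KEY_META)):
        print(vault["BackupVaultName"], diagnose_copy_key(SOURCE_KEY_ARN, vault, meta))
```

Against a live account the two dictionaries would come from `describe_backup_vault` on the destination vault and `describe_key` on that vault's `EncryptionKeyArn`.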