Certified Security - Specialty


KMS now supports Multi-Region Keys

KMS now supports Multi-Region Keys. But the "Using KMS With EBS" session exam tips say we can’t copy KMS keys to another region. Could you please check and clarify? Thank you

1 Answer

You can only create a multi-Region primary key as a customer managed key. After creation, a multi-Region customer managed key can be replicated to selected regions. But AWS managed keys cannot be copied or replicated to other regions yet.

Piotr Wolnowski

Note – customer managed keys created with the multi-region regionality option cannot be used to encrypt EBS volumes!

I wonder if that has to do with some ARN binding at the EBS level. Although the Key ID remains unchanged across multiple regions, replica keys do have different ARNs, which may be temporarily impeding the interoperability in EBS. If it is so, it should not take long for the EBS team to introduce auxiliary binding relying on the Key ID and metadata of the multi-region keys.
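The point raised in the thread, that related multi-Region keys keep one key ID while their ARNs differ by region, can be checked offline when auditing a list of key ARNs. The following is an added example, not code from the thread or from AWS; the sample ARNs are constructed, and it relies on the `mrk-` key ID prefix that KMS gives multi-Region keys and on replicas living in the same account and partition as their primary.

```python
import re
from collections import defaultdict

# Key ARN layout: arn:<partition>:kms:<region>:<account>:key/<key-id>
_KEY_ARN = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):kms:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):key/(?P<key_id>[A-Za-z0-9-]+)$"
)

def parse_key_arn(arn):
    """Split a KMS key ARN into its fields; raise ValueError if malformed."""
    m = _KEY_ARN.match(arn)
    if m is None:
        raise ValueError(f"not a KMS key ARN: {arn!r}")
    return m.groupdict()

def is_multi_region(key_id):
    """Multi-Region key IDs carry the 'mrk-' prefix; single-Region IDs do not."""
    return key_id.startswith("mrk-")

def related_multi_region_keys(arns):
    """Group ARNs of related multi-Region keys.

    Related keys share partition, account and key ID and differ only in region.
    Returns {(account, key_id): sorted regions} for keys seen in 2+ regions.
    """
    groups = defaultdict(set)
    for arn in arns:
        f = parse_key_arn(arn)
        if is_multi_region(f["key_id"]):
            groups[(f["partition"], f["account"], f["key_id"])].add(f["region"])
    return {k[1:]: sorted(v) for k, v in groups.items() if len(v) > 1}

# Constructed sample ARNs (account numbers and key IDs are made up).
SAMPLE_ARNS = [
    "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
    "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
    # Single-Region key: no 'mrk-' prefix, so it is never part of a group.
    "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    # Same key ID string but a different account: not a replica of the above.
    "arn:aws:kms:ap-south-1:444455556666:key/mrk-1234abcd12ab34cd56ef1234567890ab",
]

if __name__ == "__main__":
    for (account, key_id), regions in related_multi_region_keys(SAMPLE_ARNS).items():
        print(account, key_id, regions)
```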
