🔥 3-day streak
AWS Certified Security - Specialty103 / 184
Question 103 of 184
A company stores encrypted application backups in S3 buckets located in us-east-1 and eu-west-1. All objects are encrypted using SSE-KMS with a single-Region customer managed key created in us-east-1. During a disaster recovery test, an EC2 instance running in eu-west-1 fails to decrypt objects that were replicated to the eu-west-1 bucket, returning an error even though the IAM role has kms:Decrypt permission and the key policy grants access to that role. What is the MOST likely cause and the recommended fix?
Reviewed for accuracy · Report an issueNext question