🔥 3-day streak
AWS Certified CloudOps Engineer - Associate110 / 159
Question 110 of 159

A company encrypts data in an S3 bucket in us-east-1 using a customer managed AWS KMS key. For disaster recovery, they replicate the objects to a bucket in eu-west-1 using S3 Cross-Region Replication. During a DR test, the CloudOps team finds that applications in eu-west-1 cannot decrypt the replicated objects, and the replication itself is failing on the KMS decrypt step. The team wants a solution that allows the same key material to be used for decryption in eu-west-1 without re-encrypting data or managing a separate key with different key material. What should they do?

Reviewed for accuracy · Report an issueNext question