AWS Certified Database – Specialty — Question 229
A company wants to use AWS Organizations to create isolated accounts for different teams and functionality. The company’s database administrator needs to copy a DB instance from the main account in the us-east-1 Region to a new test account in the us-west-2 Region. The database administrator has already taken a snapshot of the encrypted Amazon RDS for PostgreSQL source DB instance in the main account.
Which combination of steps must the database administrator take to copy the snapshot to the new account? (Choose three.)
Answer options
- A. Create a new AWS Key Management Service (AWS KMS) customer managed key in the main account in us-east-1. Replicate the key ID and key material to the test account in us-west-2.
- B. Create a new AWS Key Management Service (AWS KMS) customer managed key in the main account in us-east-1. Copy the key to the test account in us-west-2.
- C. Copy the snapshot of the source DB instance to us-west-2 by using the AWS Key Management Service (AWS KMS) customer managed key. Enable encryption on the new snapshot. Share the snapshot with the test account.
- D. Copy the snapshot of the source DB instance to the test account in us-east-1. Switch to the test account and share the snapshot with us-west-2.
- E. In the test account, copy the shared snapshot to create a final snapshot. Use the final snapshot to create a new RDS for PostgreSQL DB instance.
- F. In the test account, copy the shared snapshot by using the copied AWS Key Management Service (AWS KMS) key to create a final encrypted snapshot. Use the final snapshot to create a new RDS for PostgreSQL DB instance.
Correct answer: B, C, F
Explanation
Option B is correct because it ensures that the key needed for encryption is created in the main account and is available in the test account. Option C is essential because it copies the snapshot while retaining encryption. Option F is also correct because it uses the shared snapshot to create a final encrypted snapshot in the test account. The other options either do not transfer the encryption keys properly or do not follow the required steps for sharing and copying snapshots.