To replicate encrypted Amazon Redshift snapshot copies, ensure that the following prerequisites are met:
-
In the destination Region, create a KMS key with the alias
cvlt-redshift. If you use a KMS key with a different alias, add a tag namedcvlt-redshiftto that KMS key. -
Add the IAM user as a key user for the KMS key used in the destination Region.
-
The AWS account performing the snapshot copy must have the following permissions on the destination KMS key:
-
kms:CreateGrant
-
kms:Encrypt
-
kms:Decrypt
-
kms:ReEncrypt*
-
kms:GenerateDataKey*
-
kms:DescribeKey
-