Which combination of actions must the application development team take to meet these requirements?
(Choose two.)
Add access from the “WeReceive” account to the custom AWS KMS key policy of the sharing team.
Make a copy of the DB snapshot, and set the encryption option to disable.
Share the DB snapshot by setting the DB snapshot visibility option to public.
Make a copy of the DB snapshot, and set the encryption option to enable.
Share the DB snapshot by using the default AWS KMS encryption key.
Explanations:
The application development team must update the custom AWS KMS key policy to allow access from the “WeReceive” account to ensure it can access and use the encrypted DB snapshot.
Disabling encryption would make the snapshot unencrypted, which does not meet the requirement of sharing an encrypted snapshot.
Setting the DB snapshot visibility to public is not required. The issue is with sharing the encrypted snapshot, not making it public.
Making a copy of the DB snapshot and setting the encryption option to enable ensures the snapshot remains encrypted, and the copy can be shared with the “WeReceive” account under the correct encryption settings.
Using the default AWS KMS encryption key would not work because the custom key from the “WeShare” account must be used for encryption, not the default AWS KMS key.
In my experience, the answer is:
Add access from the “WeReceive” account to the custom AWS KMS key policy of the sharing team.