Which solution will meet this requirement?
Configure secret replication for each secret. Add us-east-1 as a replication Region. Choose an AWS Key Management Service (AWS KMS) key in us-east-1 to encrypt the replicated secrets.
Create a new secret in us-east-1 for each secret. Configure secret replication in us-east-1. Set the source to be the corresponding secret in us-west-1. Choose an AWS Key Management Service (AWS KMS) key in us-west-1 to encrypt the replicated secrets.
Create a replication rule for each secret. Set us-east-1 as the destination Region. Configure the rule to run during secret rotation. Choose an AWS Key Management Service (AWS KMS) key in us-east-1 to encrypt the replicated secrets.
Create a Secrets Manager lifecycle rule to replicate each secret to a new Amazon S3 bucket in us-west-1. Configure an S3 replication rule to replicate the secrets to us-east-1.
Explanations:
This option correctly configures secret replication for each secret and specifies us-east-1 as the replication Region. It also allows the use of an AWS KMS key in us-east-1 for encrypting the replicated secrets, aligning with AWS Secrets Manager’s capabilities.
This option suggests creating a new secret in us-east-1 and configuring replication there, which is not how replication works in Secrets Manager. Replication must be set up directly on the secret itself in the source Region, not by creating a new secret in the destination Region.
This option describes a replication rule that runs during secret rotation, but AWS Secrets Manager does not support running replication rules during secret rotation. Replication needs to be configured directly as part of the secret properties, not conditionally based on rotation.
This option incorrectly suggests using S3 for secret replication. AWS Secrets Manager handles secret replication natively and does not require external services like S3 for replicating secrets between Regions.