CloudRanger has the ability to generate backups from encrypted resources in both the origin region and copy region. When an encrypted resource is applied to a policy either by id or tag the key mapping for each resource is applied in the ‘ADDITIONAL COPIES’ section which can be accessed by clicking ‘ADVANCED’.
Here is an example of the origin KMS key which is made available for review.
As shown below a dropdown option is also made available to select the destination KMS key for the corresponding copy region.
CloudRanger KMS Key Permissions
In order for CloudRanger to use your encryption keys to re-encrypt data
when it's being copied to another region you'll have to grant us permissions to use them.
- Through the AWS Console, navigate to the IAM service
- Navigate to Encryption Keys
- Select the region where your KMS key is located
- Click on your KMS Key
- Under Key Users, select 'Add'
- Search for your CloudRanger Role ARN.
- Click 'Attach'