The AWS AWS KMS key ID for an encrypted DB cluster snapshot. The KMS key ID is the Amazon Resource Name (ARN),
KMS key identifier, or the KMS key alias for the KMS encryption key.
If you copy an encrypted DB cluster snapshot from your AWS account, you can specify a value for
KmsKeyId
to encrypt the copy with a new KMS encryption key. If you don't specify a value for
KmsKeyId
, then the copy of the DB cluster snapshot is encrypted with the same KMS key as the source
DB cluster snapshot.
If you copy an encrypted DB cluster snapshot that is shared from another AWS account, then you must specify a
value for KmsKeyId
.
To copy an encrypted DB cluster snapshot to another AWS Region, you must set KmsKeyId
to the KMS key
ID you want to use to encrypt the copy of the DB cluster snapshot in the destination AWS Region. KMS encryption
keys are specific to the AWS Region that they are created in, and you can't use encryption keys from one AWS
Region in another AWS Region.
If you copy an unencrypted DB cluster snapshot and specify a value for the KmsKeyId
parameter, an
error is returned.