How can the user achieve this?

A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend’s AWS account. How can the user achieve this?

A. Create an AMI from the volume and share the AMI

B. Copy the data to an unencrypted volume and then share

C. Take a snapshot and share the snapshot with a friend

D. If both the accounts are using the same encryption key then the user can share the volume directly

Explanation:
AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots,
provided the snapshots are created from encrypted volumes. If the user has data on an encrypted
volume and is trying to share it with others, he has to copy the data from the encrypted volume to a new
unencrypted volume. Only then can the user share it as encrypted volume data. Otherwise the snapshot
cannot be shared.




BigMike

The answer should be C.

“You can share an encrypted snapshot with specific AWS accounts, though you cannot make it public. For others to use the snapshot, you must also share the custom CMK key used to encrypt it. Cross-account permissions may be applied to a custom key either when it is created or at a later time. Users with access can copy your snapshot and create their own EBS volumes based on your snapshot while your original snapshot remains unaffected.”

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html

venkat sai

I agree with BigMike. There is an exception to the encrypted EBS volumes, which is that the encryption key must be a custom CMK, not the default CMK. If it is a custom CMK then it’s possible to share the snapshot with others, or else it is not possible. So, if one wants to share the encrypted EBS volume, make sure you have control over the encryption CMK key such that others can use the key to restore the volume and create an EBS volume from the snapshot.

Ankit Shah

Makes sense, it should be C

Viva

Answer is B.

AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. If the user is having data on an encrypted volume and is trying to share it with others, he has to copy the data from the encrypted volume to a new unencrypted volume. Only then can the user share it as an encrypted volume data. Otherwise the snapshot cannot be shared.

Ashley

If you have access to a shared encrypted snapshot and you wish to restore a volume from it, you must create a personal copy of the snapshot and then use that copy to restore the volume. We recommend that you re-encrypt the snapshot during the copy process with a different key that you control. This protects your access to the volume if the original key is compromised, or if the owner revokes the key for any reason.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html

Answer B

sri

C

The question is saying that it is sharing with another AWS account.

BDA

The answer is C; the user is sharing the encrypted snapshot with another AWS account, thus the CMK is needed. There is no stipulation about securely, as sharing with another AWS account mandates the CMK is needed.

Sagar

I would have selected C, if the option talks about CMK.

I will go with B

Ken

B is always a valid option while C is only applicable to CMK
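
The snapshot-sharing steps quoted from the AWS documentation in the comments above (share the snapshot with a specific account, share the custom CMK, have the recipient make a re-encrypted copy), together with the default-key restriction one commenter describes, written out as an added example that is not part of the original page or its comments. The function name, sample snapshot, key ARN, account IDs and key alias are constructed; the dictionaries use the parameter names of the EC2 `ModifySnapshotAttribute` and `CopySnapshot` calls and the KMS key policy format.

```python
import json

# Constructed sample data shaped like EC2 DescribeSnapshots / KMS DescribeKey output.
KEY_ARN = "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-KEY-ID"
SNAPSHOT = {"SnapshotId": "snap-EXAMPLE", "Encrypted": True, "KmsKeyId": KEY_ARN}
CUSTOM_KEY = {"Arn": KEY_ARN, "KeyManager": "CUSTOMER"}
DEFAULT_KEY = {"Arn": KEY_ARN, "KeyManager": "AWS"}  # e.g. the aws/ebs default key
TARGET, RECIPIENT_KEY = "222222222222", "alias/recipient-key"  # constructed

# KMS actions the recipient account needs on the owner's key.
KEY_USE_ACTIONS = ["kms:Decrypt", "kms:DescribeKey", "kms:ReEncrypt*",
                   "kms:GenerateDataKey*"]


def plan_snapshot_share(snapshot, key, target_account, region, recipient_key):
    """Return key-policy statements and API parameters, or raise ValueError."""
    if not (target_account.isdigit() and len(target_account) == 12):
        # Encrypted snapshots are shared with specific accounts, never "all".
        raise ValueError("target must be a 12-digit AWS account ID")
    if not snapshot["Encrypted"] or snapshot["KmsKeyId"] != key["Arn"]:
        raise ValueError("expected an encrypted snapshot and its own KMS key")
    if key["KeyManager"] != "CUSTOMER":
        # The AWS managed default key's policy cannot be edited.
        raise ValueError("default key: re-encrypt a copy with a custom key first")
    principal = {"AWS": f"arn:aws:iam::{target_account}:root"}
    return {
        # Owner: statements to add to the custom key's policy.
        "key_policy_statements": [
            {"Sid": "AllowRecipientUseOfKey", "Effect": "Allow",
             "Principal": principal, "Action": KEY_USE_ACTIONS, "Resource": "*"},
            {"Sid": "AllowRecipientGrants", "Effect": "Allow",
             "Principal": principal, "Action": ["kms:CreateGrant"],
             "Resource": "*",
             "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
        ],
        # Owner: parameters for EC2 ModifySnapshotAttribute.
        "modify_snapshot_attribute": {
            "SnapshotId": snapshot["SnapshotId"],
            "Attribute": "createVolumePermission",
            "OperationType": "add", "UserIds": [target_account]},
        # Recipient: parameters for EC2 CopySnapshot, re-encrypting with own key.
        "copy_snapshot": {
            "SourceSnapshotId": snapshot["SnapshotId"], "SourceRegion": region,
            "Encrypted": True, "KmsKeyId": recipient_key},
    }


if __name__ == "__main__":
    plan = plan_snapshot_share(SNAPSHOT, CUSTOM_KEY, TARGET, "us-east-1", RECIPIENT_KEY)
    print(json.dumps(plan, indent=2))
```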