This month, AWS Key Management Service (AWS KMS) introduced multi-Region keys. It is a new capability that lets you replicate keys from one AWS Region into another. With multi region keys, it is easy to move the encrypted data between Regions without having to decrypt and re-encrypt with different keys in each Region.
Multi region keys are supported for client-side encryption in the AWS Encryption SDK, AWS S3 Encryption Client, and AWS DynamoDB Encryption Client. The process of creating a CMK in AWS KMS, is depicted in the attached diagram with seven steps process.
This new service simplify any process that copies protected data into multiple Regions, such as disaster recovery/backup, DynamoDB global tables, or for digital signature applications that require the same signing key in multiple Regions.
AWS KMS makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2.