spiffe
Allow creation of multi-region KMS keys
Multi-region KMS keys can be used in conjunction global load balancers and global Aurora databases to achieve automated failover between regions, for example for SPIRE upstream servers.
We discussed this during the contributors sync yesterday. We're ok in principle with supporting so we moved it to priority/backlog. We also added the unscoped tag while we consider how we can best support multi-region keys. They are handled as primary and replica keys, so we need to see how to support them in the configuration as well as handling the lifecycle of them.
One particular call out regarding the lifecycle was if we always make a replicate-key API call every time we do a create-key call, how do we handle if one API call fails?