If I have to copy encrypted data in my RDS database from one region to another in AWS, what all options do I have based on the following design points:
1) My keys will be particular to a region in case I use services like CloudHSM or KMS
2) I do not want to have a Key management instance On Premise from where I can supply keys commonly to either regions
3) I am ok to encrypt the whole RDS or go for column based encryption
