DR of encrypted snapshots may fail with the following error in the Backup log:
Error - <DR Policy>, copy snapshot failed (in Backup account) due to an AWS limitation regarding default encryption key source <source region>, target <target region>, snapshot <cpm-snapshot-name>, KMS alias: <alias name>
This is due to an AWS limitation when using the default AWS-generated CMK to copy snapshots across regions.
To resolve this issue:
Using the AWS console, manually perform a copy of the desired snapshot from source region to target (DR) region.
Once the snapshot copy has completed in AWS; allow the CPM DR policy to run as scheduled, or run immediately by using the "Run ASAP" button.
The DR copy should now be successful.