A VPC subnet is a part of the VPC, with its own rules for traffic. Subnets with automatic Public IP assignment can inadvertently expose the instances within this subnet to the internet. It is recommended to disable this feature for subnets.
9. (Optional) Under Other AWS Accounts section, click Add an External Account and enter an external account ID in order to add another AWS account that can use this CMK to encrypt/decrypt data. The owners of the external AWS accounts must also provide access to this CMK by creating policies for their IAM users.