Avoiding cross-region dependencies is generally preferable - LKP should support a use-case with the Lambda deployed to multiple regions.
Considerations:
KMS key will probably also be deployed to each corresponding region
LKP client needs to know which regional APIs and KMS and Lambda ARNs to use
Custom authoriser could say "hey, wrong region - use this one instead" and client retries with other deployment? Not sure
Maybe the Lambda could be invoked twice - first time simply tells client KMS key ARN it should use, second time works as per usual. Think about security implications
Avoiding cross-region dependencies is generally preferable - LKP should support a use-case with the Lambda deployed to multiple regions.
Considerations: