All Collections
AWS Workloads
Troubleshooting and FAQs for AWS Workloads
Backups
Troubleshooting AMI Snapshot Copy Failure
Troubleshooting AMI Snapshot Copy Failure
Updated over a week ago

Issue

In some cases, an AMI snapshot copy fails with the following error message:

AMI snapshot copy failed with error: Given key ID is not accessible

Cause

This error occurs due to a possible issue with your encryption keys, when a snapshot copy is enabled for cross-account backups.

๐Ÿ“ Note


โ€‹ When performing a cross-account backup, the KMS key encrypting the source resource (volume) must be a customer master key (CMK). Croos-account backups cannot be managed using an AWS-managed key.

Workaround

To enable cross-account encryption using an AWS-managed key, perform the following:

  1. Create a snapshot of the volume encrypted using the AWS managed key (VOLUME A).

  2. Subsequently, create a volume (VOLUME B) from that snapshot.

  3. Specify a CMK key to be associated with VOLUME B.

  4. Detach the previously encrypted volume (VOLUME A) from the instance and attach the newly created volume (VOLUME B).
    Initiate a manual Sync from your CloudRanger console.

  5. Edit the backup policy and specify the desired key mapping for the cross-account copy of the encrypted source volume.

Related Articles
About Backup Types - AMIs and Snapshots
Restore an AMI
Restore Archived AMIs
AWS configuration to enable cross-region copy of encrypted snapshots
How to configure AWS to enable copying encrypted snapshots across accounts using CloudRanger
Did this answer your question?