DR restore job fails for Encrypted volumes

Problem description

Whenever a DR restore is triggered, it updates the EBS volumes in the AWS account. If those EBS volumes are encrypted with a KMS key, the Druva IAM role cannot access them because it has no permissions on that KMS key, and the restore fails.

Cause

The DR restore fails while creating and updating the EBS volumes. When the volumes are KMS-encrypted, EC2 has to use the KMS key on behalf of the Druva IAM role (for example to generate data keys and create grants), and the role's policy does not grant any kms: actions. The volume is therefore never created, and the waiter that polls for it reports that it does not exist.

Traceback

[2021-04-30 13:01:54,992] [ERROR] EC2Client : Failed to create EBS volume for vol-type=gp2, size=50, avail_zone=us-west-2b, tag_spec=[{'ResourceType': 'volume', 'Tags': [{'Value': u'Phoenix_3479_880650429586_1098_us-west-2_871467_6000C297-9575-ed6f-82fe-9c4e92194af0_706', 'Key': 'Name'}]}]: error = Waiter VolumeAvailable failed: The volume 'vol-004751b5136334cb1' does not exist.
[2021-04-30 13:01:54,992] [ERROR] Error <class 'botocore.exceptions.WaiterError'>:Waiter VolumeAvailable failed: The volume 'vol-004751b5136334cb1' does not exist.. Traceback -Traceback (most recent call last):
  File "roboClientLib/boto3/ec2client.py", line 104, in create_ebs_volume
  File "botocore/waiter.py", line 53, in wait
  File "botocore/waiter.py", line 313, in wait
WaiterError: Waiter VolumeAvailable failed: The volume 'vol-004751b5136334cb1' does not exist.

Resolution

  1. Log in to the customer's AWS console and navigate to the IAM service.

  2. Click Roles.

  3. Search for DruvaIAMRolePL.

  4. Click DruvaIAMRolePL and open its policy.

  5. Click Edit Policy.

  6. In the Visual editor, click Add additional permissions.

  7. Choose KMS as the service.

  8. Under Actions, select the KMS actions listed in the JSON below.

  9. Under Resources, select All resources if the permission should apply to keys in all regions.

To restrict the permission to one region instead, open the alias resource type and click Add ARN.

Clicking Add ARN opens a dialog where you fill in the region and alias; enter the details and save the changes.

KMS now appears in the permissions list above; click Review policy to check the result and save it.

Alternatively, switch to the JSON tab and add the statement below to the policy's Statement array.

{
    "Action": [
        "kms:DescribeKey",
        "kms:GenerateDataKey*",
        "kms:Encrypt",
        "kms:ReEncrypt*",
        "kms:Decrypt",
        "kms:ListGrants",
        "kms:CreateGrant",
        "kms:RevokeGrant"
    ],
    "Resource": [
        "arn:aws:kms:us-west-2:80629586:key/*"
    ],
    "Effect": "Allow"
}

Note: In the example statement above:

us-west-2: the region of the encrypted volumes and their KMS key.

80629586: the AWS account ID that owns the key. Replace both values with your own.
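Before saving the edited role policy, it is worth confirming offline that it really grants every KMS action above on the key the volumes use, in the right region, and that no Deny statement takes it away again. The following checker is an added example and not Druva's code; the account ID, key ID and the "before" policy in it are constructed placeholders, and kms_statement builds the statement in the shape the article shows.

```python
"""Offline check that an IAM role policy grants the KMS permissions a DR
restore of KMS-encrypted EBS volumes needs (added example, not Druva code)."""
import fnmatch
import json

# Concrete KMS API actions covered by the article's statement.  The wildcards
# in the statement (kms:GenerateDataKey*, kms:ReEncrypt*) expand to these.
REQUIRED_KMS_ACTIONS = [
    "kms:DescribeKey",
    "kms:GenerateDataKey",
    "kms:GenerateDataKeyWithoutPlaintext",
    "kms:Encrypt",
    "kms:ReEncryptFrom",
    "kms:ReEncryptTo",
    "kms:Decrypt",
    "kms:ListGrants",
    "kms:CreateGrant",
    "kms:RevokeGrant",
]

# Constructed placeholders: not a real account or key.
ACCOUNT_ID = "123456789012"
REGION = "us-west-2"
KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT_ID}:key/11111111-2222-3333-4444-555555555555"

# Constructed 'before' policy: EC2 volume rights only, no kms: actions, which is
# the situation that produces the WaiterError in the article.
POLICY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:CreateVolume", "ec2:DescribeVolumes", "ec2:AttachVolume"],
            "Resource": "*",
        }
    ],
}


def kms_statement(region, account_id):
    """Statement in the shape the article gives, parameterised by region and account."""
    return {
        "Effect": "Allow",
        "Action": [
            "kms:DescribeKey", "kms:GenerateDataKey*", "kms:Encrypt", "kms:ReEncrypt*",
            "kms:Decrypt", "kms:ListGrants", "kms:CreateGrant", "kms:RevokeGrant",
        ],
        "Resource": [f"arn:aws:kms:{region}:{account_id}:key/*"],
    }


def with_kms_statement(policy, region, account_id):
    """Return a copy of policy with the KMS statement appended to its Statement array."""
    fixed = json.loads(json.dumps(policy))  # deep copy via JSON round-trip
    fixed["Statement"] = _as_list(fixed.get("Statement", [])) + [kms_statement(region, account_id)]
    return fixed


def _as_list(value):
    # IAM allows a bare string where a list is expected.
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action names are case-insensitive and '*' / '?' are glob wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def missing_kms_actions(policy, key_arn):
    """Return the required KMS actions that the policy does not effectively allow on key_arn.

    A statement counts only if its Resource matches the key ARN.  Explicit Deny
    statements override Allow.  NotAction / NotResource statements are skipped
    (treated conservatively as granting nothing).
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        if "NotAction" in stmt or "NotResource" in stmt:
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(fnmatch.fnmatchcase(key_arn, r) for r in resources):
            continue  # statement is about other resources (e.g. another region)
        target = allowed if stmt.get("Effect") == "Allow" else denied
        for pattern in _as_list(stmt.get("Action", [])):
            target.update(a for a in REQUIRED_KMS_ACTIONS if _action_matches(pattern, a))
    effective = allowed - denied
    return [a for a in REQUIRED_KMS_ACTIONS if a not in effective]


if __name__ == "__main__":
    print("before:", missing_kms_actions(POLICY_BEFORE, KEY_ARN))
    print("after: ", missing_kms_actions(with_kms_statement(POLICY_BEFORE, REGION, ACCOUNT_ID), KEY_ARN))
```

Run against the real role policy (for example the output of the IAM get-role-policy call, saved to a file) and the ARN of the key the volumes are encrypted with. An empty list means the role policy side is complete; a non-empty list after adding the statement usually means the Resource ARN names a different region or account than the key, which is the mistake the Note above is there to prevent.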
