In some cases, an AMI snapshot copy fails with the following error message:
AMI snapshot copy failed with error: Given key ID is not accessible
This error can occur because of an issue with your encryption keys when snapshot copy is enabled for cross-account backups.
Note: When performing a cross-account backup, the KMS key encrypting the source resource (volume) must be a customer master key (CMK). Cross-account backups cannot be managed using an AWS-managed key.
To enable cross-account encryption for a volume that uses an AWS-managed key, perform the following steps:
- Create a snapshot of the volume encrypted using the AWS managed key (VOLUME A).
- Subsequently, create a volume (VOLUME B) from that snapshot.
- Specify a CMK to be associated with VOLUME B.
- Detach the previously encrypted volume (VOLUME A) from the instance and attach the newly created volume (VOLUME B).
- Initiate a manual Sync from your CloudRanger console.
- Edit the backup policy and specify the desired key mapping for the cross-account copy of the encrypted source volume.
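The VOLUME A to VOLUME B steps above can be scripted with the AWS CLI. The following is an added example, not CloudRanger code: the function names `key_manager` and `rekey_volume` are hypothetical, and it assumes a configured AWS CLI with permission to use the target CMK.

```shell
#!/bin/sh
# Added example: move an EBS volume from the AWS managed key to a CMK.
# Function names are hypothetical; all IDs are supplied by the caller.

# Print who manages the KMS key on a volume: "AWS" or "CUSTOMER".
key_manager() {
  key_id=$(aws ec2 describe-volumes --volume-ids "$1" \
    --query 'Volumes[0].KmsKeyId' --output text) || return 1
  aws kms describe-key --key-id "$key_id" \
    --query 'KeyMetadata.KeyManager' --output text
}

# rekey_volume VOLUME_A CMK_ID INSTANCE_ID DEVICE  -> prints the ID of VOLUME B
rekey_volume() {
  vol_a=$1 cmk=$2 instance=$3 device=$4
  # Only act on volumes that actually use an AWS managed key.
  if [ "$(key_manager "$vol_a")" != "AWS" ]; then
    echo "$vol_a is not encrypted with an AWS managed key; nothing to do" >&2
    return 1
  fi
  # VOLUME B must be created in the same Availability Zone as the instance.
  az=$(aws ec2 describe-volumes --volume-ids "$vol_a" \
    --query 'Volumes[0].AvailabilityZone' --output text) || return 1
  # Snapshot VOLUME A and wait for the snapshot to complete.
  snap=$(aws ec2 create-snapshot --volume-id "$vol_a" \
    --query 'SnapshotId' --output text) || return 1
  aws ec2 wait snapshot-completed --snapshot-ids "$snap" || return 1
  # Create VOLUME B from the snapshot, re-encrypted under the CMK.
  vol_b=$(aws ec2 create-volume --snapshot-id "$snap" \
    --availability-zone "$az" --encrypted --kms-key-id "$cmk" \
    --query 'VolumeId' --output text) || return 1
  aws ec2 wait volume-available --volume-ids "$vol_b" || return 1
  # Swap the volumes on the same device name.
  # Stop the instance first if VOLUME A is its root volume.
  aws ec2 detach-volume --volume-id "$vol_a" >/dev/null || return 1
  aws ec2 wait volume-available --volume-ids "$vol_a" || return 1
  aws ec2 attach-volume --volume-id "$vol_b" --instance-id "$instance" \
    --device "$device" >/dev/null || return 1
  echo "$vol_b"
}
```

Call it as `rekey_volume <VOLUME_A_ID> <CMK_ID_OR_ARN> <INSTANCE_ID> <DEVICE>`, then continue with the manual Sync and key mapping steps in CloudRanger.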