Druva Documentation

Unable to populate KMS keys for encrypted instances while trying to copy to secondary region

 

Problem description

At times, Druva CloudRanger is unable to populate the custom encryption keys used for encryption when the option to save an extra copy to a secondary region is selected. Consequently, the cross-region backups fail with the following error:

A KMS key must be specified for copying encrypted snapshot across regions.

Cause

CloudRanger is unable to detect an encryption key if the Alias field on the key is blank, because keys are listed by using this field.

Note: When a key is created using the KMS console, the Alias field must not be blank. This ensures that all keys created using the KMS console can be detected by the system. However, CloudFormation templates can be used to create keys with this field left blank; such keys are therefore not listed in CloudRanger.

Resolution

Edit the required encryption keys, add an Alias to each of them, and then perform a sync. The keys should now be populated.
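
To find which keys are affected, the following added example (not Druva or CloudRanger code) reports the KMS keys in a region that no alias points to. The sample key IDs and alias names are constructed, and `fetch_region` assumes boto3 plus credentials allowed to call kms:ListKeys and kms:ListAliases.

```python
"""Report KMS keys that have no alias, using ListKeys/ListAliases output."""


def keys_without_alias(keys, aliases):
    """Return the KeyIds from `keys` that no entry in `aliases` targets.

    keys:    items shaped like the "Keys" list returned by kms:ListKeys
    aliases: items shaped like the "Aliases" list returned by kms:ListAliases
    """
    # Predefined AWS aliases that are not yet bound to a key carry no
    # TargetKeyId, so they are skipped instead of raising KeyError.
    aliased = {a["TargetKeyId"] for a in aliases if a.get("TargetKeyId")}
    return sorted(k["KeyId"] for k in keys if k["KeyId"] not in aliased)


def fetch_region(region):
    """Page through ListKeys and ListAliases for one region (needs boto3)."""
    import boto3  # imported here so the offline sample below runs without it

    kms = boto3.client("kms", region_name=region)
    keys = [k for page in kms.get_paginator("list_keys").paginate()
            for k in page["Keys"]]
    aliases = [a for page in kms.get_paginator("list_aliases").paginate()
               for a in page["Aliases"]]
    return keys, aliases


# Constructed sample data (not real keys), shaped like the API responses.
SAMPLE_KEYS = [
    {"KeyId": "11111111-1111-1111-1111-111111111111"},  # console-created key
    {"KeyId": "22222222-2222-2222-2222-222222222222"},  # template, no alias
    {"KeyId": "33333333-3333-3333-3333-333333333333"},  # AWS managed key
]
SAMPLE_ALIASES = [
    {"AliasName": "alias/backup-primary",
     "TargetKeyId": "11111111-1111-1111-1111-111111111111"},
    {"AliasName": "alias/aws/ebs",
     "TargetKeyId": "33333333-3333-3333-3333-333333333333"},
    {"AliasName": "alias/aws/dynamodb"},  # predefined alias, no key yet
]

if __name__ == "__main__":
    # For a live check: keys, aliases = fetch_region("<secondary-region>")
    for key_id in keys_without_alias(SAMPLE_KEYS, SAMPLE_ALIASES):
        print("no alias:", key_id)
```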

 
