Cross-account exploring of encrypted snapshots may fail
Exploring of cross-account encrypted snapshot may fail with
error: Reason: Encrypted snapshots with EBS default key cannot
be shared (OperationNotPermitted)
If you receive the error above, please note that exploring a
cross-account snapshot with default CMK is not supported by AWS.
"AWS prevents you from sharing snapshots that were encrypted with your
default CMK".
Creating another CMK on each account will not suffice. You will
need to change volume's encryption key to the non-default one.
Please follow the below document to migrate data between
encrypted and non encrypted volumes
Related Articles
Cross-Account and Cross-Region DR of an encrypted RDS database may fail
If cross-region and cross-account backup of an encrypted RDS database is successful, but fails in the cross-region cross-account DR copy, you may see the following error in the cpm logs: ERROR: start_copy_region(dr_rds.py:381) RDS DR copy_snapshot ...File level restore may fail with the "Failed adding share permission" error
File level restore may fail with the "Failed adding share permission" error: ERROR: share_snapshot(.\cpmserver\cpm\aws_utils.py:265) Failed adding share permission to snapshot snap-1234567890abcdef (original volume: vol-abcdef1234567890) Failed. ...Cross-account DR backup of encrypted snapshots of Aurora cluster (RDS) may fail with the “No matching KMS alias” error
DR of encrypted snapshots of AuroraDB cluster (DRS) may fail with the “No matching KMS alias” error in the Backup log: Error - Aurora DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source <source_region>, target ...RDS Cross Region DR fails with Exception: Cannot copy more than 5 snapshots across regions
You may see the following errors in the CPM logs when cross region RDS DR copies fail to successfully copy to the DR region. ERROR: cpm_copy_dbsnapshot(aws_rds_utils.py:217) Exception: Cannot copy more than 5 snapshots across regions ...DR of encrypted snapshots may fail with the “No matching KMS alias” error
DR of encrypted snapshots may fail with the following error in the Backup log: ERROR: start_copy_region(.\cpmserver\cpm\dr_volume.py:<line number>) Volume DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source ...