Cross-account exploring of encrypted snapshots may fail
Exploring of cross-account encrypted snapshot may fail with
error: Reason: Encrypted snapshots with EBS default key cannot
be shared (OperationNotPermitted)
If you receive the error above, please note that exploring a
cross-account snapshot with default CMK is not supported by AWS.
"AWS prevents you from sharing snapshots that were encrypted with your
default CMK".
Creating another CMK on each account will not suffice. You will
need to change volume's encryption key to the non-default one.
Please follow the below document to migrate data between
encrypted and non encrypted volumes
Related Articles
Cross account recovery of encrypted volumes may fail
A cross account recovery of an encrypted snapshot may fail with this error: Encrypted snapshots can only create volumes in the owner's account Please upgrade to latest 2.X.X version to resolve the issue. Reference defect number - 6676511295, fixed in ...Cross account Recovery of an encrypted snapshot with shared custom encryption key may fail
Cross account recovery of an encrypted snapshot which is encrypted with a shared custom encryption key may fail when trying to recover a resource either from DR to backup account or from backup to DR account (same account recovery works). CPM server ...Cross-Account and Cross-Region DR of an encrypted RDS database may fail
If cross-region and cross-account backup of an encrypted RDS database is successful, but fails in the cross-region cross-account DR copy, you may see the following error in the cpm logs: ERROR: start_copy_region(dr_rds.py:381) RDS DR copy_snapshot ...Cross-region and cross-account DR of an encrypted RDS cluster may fail in v2.6
Encrypted cluster RDS backups (Cross-region & cross-account) DR might fail. You may see the following in the logs Error - RDS DR copy snapshot failed for region US East (Ohio), snapshot Snapshotname (to DR account). Reason: Encrypted source snapshot: ...Replication of RDS snapshots may fail with "Cross region snapshot copy is not supported for TDE encrypted snapshots"
================================================================================================= As of June 13 2007, AWS has fixed this issue: ...