DR may fail with "Error: No KMS info for region" and "failed getting kms aliases"

The following error may appear in the Backup Log:
Error - Failed looking for source KMS (region US West (Oregon), snapshot snap-xxxxxxxx). Error: No KMS info for region us-west-2 (No KMS)

This error may appear in cpm_server.log:
ERROR: _get_kms_aliases(n2wsoftware\common\aws_utils.py:777) failed getting kms aliases in region US West (Oregon) (Backup account). Error: User: arn:aws:sts::111111111111:assumed-role/CPMRecovery/i-22222222 is not authorized to perform: kms:ListAliases (code AccessDeniedException)
ERROR: init(n2wsoftware\common\aws_utils.py:663) KMS init failed for region us-west-2'

This is a permissions issue - the user can't access the KMS aliases in both regions.
You need to add these roles:
"kms:ListKeys"
"kms:ListAliases"

Please see this article for the full list of required permissions: https://support.n2ws.com/portal/kb/articles/what-are-the-required-minimal-aws-permissions-roles-for-cpm-operation

For more details, please read chapter 10.6.2 "DR of Encrypted Volumes, AMIs and RDS Instances" in our User Guide: http://www.n2ws.com/images/PDF/CPMUserGuide.pdf

Please note:
These permissions are needed even if you don't have any encrypted volumes, as some of the AMIs may be encrypted without you knowing it.

Related Articles
DR of encrypted snapshots may fail with the “No matching KMS alias” error
DR of encrypted snapshots may fail with the following error in the Backup log: ERROR: start_copy_region(.\cpmserver\cpm\dr_volume.py:<line number>) Volume DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source ...
EBS/RDS DR & Recovery with KMS key
When copying cross account an EBS/RDS Volume encrypted with custom KMS, a KMS key should also be available in the other account. There are 2 ways that CPM uses for checking KMS key - Alias & Tag KMS Tag When using custom tag, you are telling CPM to ...
Cross-account DR backup of encrypted snapshots of Aurora cluster (RDS) may fail with the “No matching KMS alias” error
DR of encrypted snapshots of AuroraDB cluster (DRS) may fail with the “No matching KMS alias” error in the Backup log: Error - Aurora DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source <source_region>, target ...
Cross-region DR copy of encrypted snapshot may fail with "Copy failed due to an AWS limitation regarding default encryption key” error
DR of encrypted snapshots may fail with the following error in the Backup log: Error - <DR Policy>, copy snapshot failed (in Backup account) due to an AWS limitation regarding default encryption key source <source region>, target <target region>, ...
Cross region copy of RDS snapshots may fail with error: RDS DR copy snapshot failed (in Backup account). No matching KMS alias in target region
Issue: The Following error may appear in the CPM Server logs: ERROR: start_copy_region(dr_rds.py:301) RDS DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source EU (Frankfurt), target Asia Pacific (Singapore), RDS ...

DR may fail with Error: No KMS info for region and failed getting kms alias

DR may fail with "Error: No KMS info for region" and "failed getting kms aliases"

Related Articles

DR of encrypted snapshots may fail with the “No matching KMS alias” error

EBS/RDS DR & Recovery with KMS key

Cross-account DR backup of encrypted snapshots of Aurora cluster (RDS) may fail with the “No matching KMS alias” error

Cross-region DR copy of encrypted snapshot may fail with "Copy failed due to an AWS limitation regarding default encryption key” error

Cross region copy of RDS snapshots may fail with error: RDS DR copy snapshot failed (in Backup account). No matching KMS alias in target region