Recovery of an encrypted volume may fail: "Not authorized to use key"

Recovery of an encrypted volume may fail: "Not authorized to use key"

Issue:
Performing a cross account recovery of an encrypted volume, or of an instance containing an encrypted volume may not work if the target account cannot access the encryption key from the source account.

Error may appear in the CPM Server log as below:
ERROR:  share_snapshot(.\cpmserver\cpm\aws_utils.py:301)  Failed adding share permission to snapshot snap-xxxxx (original volume: vol-xxxxx). Reason: Not authorized to use key arn:aws:kms:us-east-1:xxxxx:key/xxxxx
ERROR:  _prepare_snap_info(.\cpmserver\cpm\cpm_copy_snapshot.py:407)  copy snapshot failed for region US East (N. Virginia), snapshot snap-xxxxx. Reason: Failed adding share permission to snapshot snap-xxxxx original volume: vol-xxxxx). Reason: Not authorized to use key arn:aws:kms:us-east-1:xxxxx:key/xxxxx
ERROR:  start_copy(.\cpmserver\cpm\cpm_copy_snapshot.py:228)  Can't start copy snapshot snap-xxxxx. Error: None

Solution:
Please double check the AWS account being used for recovery to the target account is listed as a Key User or Key Administrator within the source account.

Also please check both accounts have all necessary permissions, listed here: