Error "Could not share private image ami-12345678 between accounts" may occur during cross-account instance recovery

Error "Could not share private image ami-12345678 between accounts" may occur during cross-account instance recovery:

Error - Could not share private image ami-12345678 between accounts
Error - First step (launching instance) failed. Reason: Could not share parivate image ami-12345678 between accounts

This is a result of an AWS limitation:
  • "You can't copy an encrypted AMI that was shared with you from another account. Instead, if the underlying snapshot and encryption key were shared with you, you can copy the snapshot while re-encrypting it with a key of your own. You own the copied snapshot, and can register it as a new AMI.
  • You can't copy an AMI with an associated billingProduct code that was shared with you from another account. This includes Windows AMIs and AMIs from the AWS Marketplace. To copy a shared AMI with a billingProduct code, launch an EC2 instance in your account using the shared AMI and then create an AMI from the instance."

When performing a cross-account recovery of an instance that requires an image (i.e. a Windows instance) and is encrypted, you need to provide another AMI for the recovery, one that already exists in the account you are recovering to.
CPM does not need the data on this AMI; it is used only as a prop for the recovery process.
If you do not have such an AMI prepared, you can provide the AMI ID of a similar instance: look in the Marketplace for a similar product.
You can use AMI Assistant to find such an AMI: https://n2ws.com/support/documentation/9-performing-recovery#92
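
A pre-check for the condition described above, as an added example that is not N2WS or AWS code: it classifies records shaped like the EC2 DescribeImages response against the two quoted limitations. The account IDs and AMI records are constructed, and treating `Platform: windows` or a `marketplace` product code as the sign of a billingProduct code is an assumption based on the quoted AWS text.

```python
# Added example. Field names follow the EC2 DescribeImages response;
# every record and account ID below is constructed for illustration.
TARGET = "222222222222"   # constructed: account being recovered to
SOURCE = "111111111111"   # constructed: account that owns the backups

def copy_blockers(image, target_account):
    """Return which of the two quoted AWS limits stop a copy into target_account."""
    if image["OwnerId"] == target_account:
        return []  # the limits only apply to AMIs shared from another account
    reasons = []
    # Limit 1: encrypted AMI shared from another account.
    # Ephemeral mappings carry no "Ebs" key, hence the defaults.
    if any(m.get("Ebs", {}).get("Encrypted")
           for m in image.get("BlockDeviceMappings", [])):
        reasons.append("encrypted")
    # Limit 2: billingProduct code. Assumption: detected through the Windows
    # platform flag or a marketplace product code, as the quote describes.
    windows = image.get("Platform", "").lower() == "windows"
    marketplace = any(p.get("ProductCodeType") == "marketplace"
                      for p in image.get("ProductCodes", []))
    if windows or marketplace:
        reasons.append("billing-product")
    return reasons

def needs_substitute_ami(image, target_account):
    """The article's case: the instance needs an image and it is encrypted."""
    return set(copy_blockers(image, target_account)) == {"encrypted", "billing-product"}

WIN_ENC = {"ImageId": "ami-00000000000000001", "OwnerId": SOURCE, "Platform": "windows",
           "BlockDeviceMappings": [{"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": True}},
                                   {"DeviceName": "xvdca", "VirtualName": "ephemeral0"}]}
LINUX_ENC = {"ImageId": "ami-00000000000000002", "OwnerId": SOURCE,
             "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"Encrypted": True}}]}
MKT_PLAIN = {"ImageId": "ami-00000000000000003", "OwnerId": SOURCE,
             "ProductCodes": [{"ProductCodeId": "example", "ProductCodeType": "marketplace"}],
             "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"Encrypted": False}}]}
OWN_WIN = dict(WIN_ENC, ImageId="ami-00000000000000004", OwnerId=TARGET)

if __name__ == "__main__":
    for img in (WIN_ENC, LINUX_ENC, MKT_PLAIN, OWN_WIN):
        print(img["ImageId"], copy_blockers(img, TARGET),
              "substitute AMI needed" if needs_substitute_ami(img, TARGET) else "ok")
```

To run it against real data, pass each entry of the `Images` list returned by `aws ec2 describe-images --image-ids <ami-id>` in place of the constructed records.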

