N2W Software

            CPM supports custom encryption keys for DR

            To support the usage of a custom encryption key for DR, you will need to perform the following-
            1. In the account where the custom key resides:
              1. Go to IAM and browse to the key you wish to share.
              2. Go to Key Users -> External Accounts and click the Add External Account.
              3. Add the id of the DR account you wish to share the key with.
            2. Go to the volume you wish to copy to DR account and/or region and add the following tag:
              1. The tag’s “key” = cpm_dr_encryption_key
              2. The tag’s “value” = The full arn of the encryption key you shared in item #1. For example- arn:aws:kms:us-east-1:123456789101:key/2eaadfb1-b630-4aef-9d90-2d0fb2061e05
              3. If you perform cross-region DR, you will need to have a key for each region as AWS does not allow sharing encryption keys across regions.
                The tag’s “key” should include the region where the key is, for example- Ohio key tag will be: key = cpm_dr_encryption_key:us-east-2 , value = arn:aws:kms:us-east-1:123456789101:key/2eaadfb1-b630-4aef-9d90-2d0fb2061e05
            Please note that if no full arn key is used, you will receive this error messages in the logs during DR backup:
            DR encountered an internal problem and failed and the below exception appears in the logs:
            ERROR: dr_function(dr.py:145) DR function encountered an exception
            Traceback (most recent call last):
            File "./cpmserver/cpm/dr.py", line 143, in dr_function
            File "./cpmserver/cpm/dr.py", line 203, in dr_function_inner
            File "./cpmserver/cpm/dr_volume.py", line 142, in start_copy
            File "./cpmserver/cpm/dr_volume.py", line 121, in prepare_specific_encryption_keys
            File "./common/aws_utils.py", line 928, in prepare_specific_encryption_keys_from_tags
            File "./common/aws_utils.py", line 896, in add_encryption_key
            File "./common/aws_utils.py", line 882, in encryption_key_hint
            IndexError: list index out of range

            Reference feature number – N2WS-777. Added in 2.3.0d. Added RDS feature support in 2.4.0

            Updated: 28 Nov 2018 05:01 AM
            Help us to make this article better
            0 0