AWS KMS Concepts and Practical
Build on your understanding of AWS KMS.
ASG Client.InternalError
The ASG throws a Client.InternalError
when it attempts to launch an EC2 instance with an encrypted EBS volume, but it doesn’t have access to the KMS key used to encrypt the volume.
There are three solutions for this error:
- If the EBS volume and KMS key are in the same account as the ASG, ensure that the ASG role and KMS key policy allow the required access.
- If the EBS volume and KMS key are in another account, migrate the EBS snapshot from the other account to the account with the ASG. Ensure that the ASG role and KMS key policy allow the required access.
- If the EBS volume and KMS key are in another account, continue to use the KMS key in the other account. Allow cross-account access to the ASG service-linked role.
Get hands-on with 1200+ tech skills courses.