aws-service-catalog-reference-architectures

missing kms grants

Open 1robroos opened this issue 2 years ago • 0 comments

Hello, after testing product "Demo Apache Webserver" I received an error in CloudFormation:

Instance i-002063fcc56a1fa19 failed to stabilize. Current state: shutting-down. Reason: Client.InternalError: Client error on launch 

I was not able to solve this, but luckily AWS support helped me out here: it seems that role SCEC2LaunchRole was missing these policies:

    "kms:CreateGrant",
    "kms:Decrypt",
    "kms:DescribeKey",
    "kms:GenerateDataKeyWithoutPlainText",
    "kms:ReEncrypt"

It needs them because my account is using EBS encryption by default. At that moment you need these policies, as described in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#ebs-encryption-requirements

Hope you can use this info for improvement.

1robroos, Apr 10 '22 20:04
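A pre-deployment check for the gap this issue reports, as an added example that is not part of the issue or of the repository's code: it takes a role's IAM policy documents and lists which of the KMS actions named above no Allow statement grants. The function names and both sample policies are constructed for illustration; the check assumes identity policies only and ignores Resource, Condition, NotAction and Deny.

```python
import re

# Actions listed in the issue above, spelled as the poster gave them.
REQUIRED_KMS_ACTIONS = [
    "kms:CreateGrant",
    "kms:Decrypt",
    "kms:DescribeKey",
    "kms:GenerateDataKeyWithoutPlainText",
    "kms:ReEncrypt",
]

def _matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def missing_kms_actions(policy_documents, required=REQUIRED_KMS_ACTIONS):
    """Return the required actions that no Allow statement names.

    An empty result means every action is named in some Allow statement,
    not that it is effective on the key that encrypts the volume.
    """
    allowed = []
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") == "Allow":
                allowed.extend(_as_list(stmt.get("Action")))
    return [a for a in required if not any(_matches(p, a) for p in allowed)]

# Constructed sample: a launch role policy without the KMS statement.
BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "kms:DescribeKey"], "Resource": "*"}]}
# Constructed sample: the same policy with a KMS statement added.
# In a real policy, scope Resource to the ARN of the EBS encryption key.
AFTER = {"Version": "2012-10-17", "Statement": BEFORE["Statement"] + [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "kms:CreateGrant", "kms:Decrypt",
        "kms:GenerateDataKeyWithoutPlaintext", "kms:ReEncrypt*"]}]}

if __name__ == "__main__":
    print("before:", missing_kms_actions([BEFORE]))
    print("after: ", missing_kms_actions([AFTER]))
```

Running a check like this against launch role templates before provisioning surfaces the missing permissions earlier than the `Client.InternalError` at instance launch.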