AWS KMS Concepts and Practical

Build on your understanding of AWS KMS.

We'll cover the following

ASG Client.InternalError
Migrating an encrypted EBS volume across accounts
Changing the KMS key of an encrypted EBS volume
Migrating an encrypted EBS volume across regions
Practical

ASG `Client.InternalError`

The ASG throws a Client.InternalError when it attempts to launch an EC2 instance with an encrypted EBS volume, but it doesn’t have access to the KMS key used to encrypt the volume.

There are three solutions for this error:

If the EBS volume and KMS key are in the same account as the ASG, ensure that the ASG role and KMS key policy allow the required access.
If the EBS volume and KMS key are in another account, migrate the EBS snapshot from the other account to the account with the ASG. Ensure that the ASG role and KMS key policy allow the required access.
If the EBS volume and KMS key are in another account, continue to use the KMS key in the other account. Allow cross-account access to the ASG service-linked role.

Get hands-on with 1400+ tech skills courses.

Introduction

Getting Started with AWS

AWS IAM

AWS EC2

AWS Load Balancers and Auto Scaling Groups

AWS Storage Services

AWS Databases

AWS ElastiCache

AWS Elastic Beanstalk and CloudFront

AWS CloudFormation

AWS Monitoring

AWS VPC

AWS Route 53

AWS Security Services and Encryption

AWS Systems Manager

Important AWS Services

AWS SysOps Administrator Practice Exams

AWS KMS Concepts and Practical

ASG `Client.InternalError`

Introduction

Getting Started with AWS

AWS IAM

AWS EC2

AWS Load Balancers and Auto Scaling Groups

AWS Storage Services

AWS Databases

AWS ElastiCache

AWS Elastic Beanstalk and CloudFront

AWS CloudFormation

AWS Monitoring

AWS VPC

AWS Route 53

AWS Security Services and Encryption

AWS Systems Manager

Important AWS Services

AWS SysOps Administrator Practice Exams

AWS KMS Concepts and Practical

ASG Client.InternalError

ASG `Client.InternalError`