Comments (1)
TLDR;
- Don't use the default 'aws/rds' key on cluster. Customer Managed Key (CMK) is appropriate.
- Setup share of CMK if across account is needed.
- Use full ARN in KmsKeySource if across account is needed.
I hit a similar issue with the "KMSKeyNotAccessibleFault" error in the lambda logs. After updating the Aurora cluster with a CMK instead of the default aws/rds key I was able to share the CMK with since I had to share across account.
This guide is shows how to share.
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html
After doing these steps the error persisted and I discovered that the "KmsKeySource" I had entered was simply the Key ID and since I was sharing across accounts I needed to specify the ARN since it contains the local (origin) account ID.
Hope this helps.
from aurora-snapshot-tool.
Related Issues (20)
- How to check destination settings? HOT 2
- Occasional rate limiting errors HOT 7
- Support for Aurora PostgreSQL? HOT 2
- Incomplete pagination prevents sharing HOT 2
- Including automated snapshots increases run time and cost.
- Patterns match against snapshot instead of cluster
- An error occurred (KMSKeyNotAccessibleFault) when calling the CopyDBClusterSnapshot operation: Specified KMS key [None] does not exist, is not enabled or you do not have permissions to access it. HOT 10
- Unable to copy AWS managed KMS encrypted snapshots between accounts HOT 3
- Need overly permissive policy to avoid KMSKeyNotAccessibleFault HOT 1
- Can you go into detail about why this doesn't work with aurora-postgresql? HOT 2
- Same account, different region HOT 3
- Snapshot issue HOT 3
- Missing rds:addTagsToResources HOT 1
- Add option to use a different KMS key when sharing HOT 1
- Retention days parameter in the dest account not working as expected
- Parameters: [CodeBucket] must have values HOT 1
- Public bucket access HOT 1
- share encrypted snapshot not copying over to another region and account HOT 5
- Failed to create stack HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aurora-snapshot-tool.