Error: “Instance i-xxxxx did not appear in AWS yet.: did not happen after 00:07:00” when Attempting to Failover to AWS
Viewed 385 times
An administrator may come across Failover/Move failures to AWS where the zimporter(s) spin up as expected but almost immediately are terminated.
Starting in 7.0, EBS encryption is enabled in Zerto by default. Due to this, all EBS volumes created, including the ones created for zimporters' OS disk and data disk that is used for the import, are encrypted. Zerto utilizes AWS KMS encryption and expects to see the default AWS-provided KMS keys.
However, if an administrator replaces these AWS-provided KMS keys with their own generated KMS keys, then Zerto will fail to decrypt the EBS volumes properly. Since the OS volume is an EBS volume and is not accessible, per AWS design, the instance is terminated automatically.
Failover to AWS fails with the below error:
Instance i-xxxxx did not appear in AWS yet.: did not happen after 00:07:00
Additionally, while viewing the EC2 Dashboard in AWS during a Failover, it will be noticed that a zimporter instance will spin up but almost immediately terminate.
- The following KMS permissions must be added to the IAM Role attached to the ZCA that is facilitating the Failover to AWS. Once they are added in, retry the Failover.
- If the administrator would rather not provide this permission to the ZCA's IAM Role, the customer KMS keys will need to be replaced with the original default AWS-provided KMS keys. Once replaced, retry the Failover.
- The final option if the above are not acceptable would be to completely disable the EBS encryption feature for the ZCA by following this Zerto KB Article. Once the necessary steps have been taken per the referenced article, retry the Failover.