Failover To AWS Fails With Error “Instance i-xxxxx did not appear in AWS yet.: did not happen after 00:07:00”
However, if an administrator replaces these AWS-provided KMS keys with their own generated KMS keys, then Zerto will fail to decrypt the EBS volumes properly. Since the OS volume is an EBS volume and is not accessible, per AWS design, the instance is terminated automatically.
Instance i-xxxxx did not appear in AWS yet.: did not happen after 00:07:00
Additionally, when viewing the EC2 Dashboard in AWS during a Failover, a zimporter instance can be seen to spin up and then terminate almost immediately.
1) The following KMS permissions must be added to the IAM Role attached to the ZCA that is facilitating the Failover to AWS. Once they are added in, retry the Failover.
"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey", "kms:CreateGrant", "kms:ListAliases"
2) If the administrator would rather not provide this permission to the ZCA's IAM Role, the customer KMS keys will need to be replaced with the original default AWS-provided KMS keys. Once replaced, retry the Failover.
3) The final option, if the above are not acceptable, is to completely disable the EBS encryption feature for the ZCA by following this Zerto KB Article. Once the necessary steps have been taken per the referenced article, retry the Failover.
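For option 1, the check below reports which of the listed KMS actions a role's policy documents still do not grant. It is an added example, not Zerto or AWS code. It assumes the policy JSON has already been exported from IAM, expands the two wildcard entries to concrete KMS action names, and evaluates only the Action element (Resource, Condition and NotAction are ignored). The function name and the sample policy are constructed for illustration.

```python
import fnmatch

# Actions from the list in option 1. The two wildcard entries are expanded to
# concrete KMS actions they cover (this expansion is an assumption of the example).
REQUIRED = [
    "kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo",
    "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext",
    "kms:DescribeKey", "kms:CreateGrant", "kms:ListAliases",
]

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]

def _patterns(policy, effect):
    """Collect lower-cased Action patterns from statements with this Effect."""
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == effect and "Action" in stmt:
            found += [a.lower() for a in _as_list(stmt["Action"])]
    return found

def missing_kms_actions(policies):
    """Return required actions that no Allow covers or that a Deny blocks."""
    allows = [p for doc in policies for p in _patterns(doc, "Allow")]
    denies = [p for doc in policies for p in _patterns(doc, "Deny")]

    def hit(action, patterns):
        # IAM action matching is case-insensitive and supports * and ? wildcards.
        return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)

    return [a for a in REQUIRED if hit(a, denies) or not hit(a, allows)]

# Constructed sample: a role policy that grants only some of the listed actions.
SAMPLE_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey*"],
         "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for action in missing_kms_actions([SAMPLE_ROLE_POLICY]):
        print("missing:", action)
```

An empty result means every listed action is allowed at the Action level; key policies and resource scoping still need to be reviewed separately.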