Hi all,
aws --version
aws-cli/1.22.34 Python/3.10.12 Linux/5.19.0-1025-aws botocore/1.23.34
I stored an AMI to S3 using:
aws ec2 create-store-image-task --image-id ami-111 --bucket bucket-test --region us-east-2 --output table
I was able to see that the image was created on S3 using aws ec2 describe-store-image-tasks
.
Then, I tried to restore the image using:
aws ec2 create-restore-image-task --object-key ami-111.bin --bucket bucket-test --name "Restored AMI"
and I receive an error like this:
An error occurred (InvalidRequest) when calling the CreateRestoreImageTask operation: Invalid parameters for a dependent service: com.amazonaws.services.kms.model.NotFoundException: Key 'arn:aws:kms:us-east-2:999:key/07e4d1e6-a9ef-4306-af44-58c0c385aaa4' does not exist (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: 64894327-f244-4733-b539-66062fe89b2e; Proxy: null) (Service: AmazonEBS; Status Code: 400; Error Code: ValidationException; Request ID: 7147243a-fadb-4f2a-8c61-54499baefaba; Proxy: null)
I am not able to find that key from KMS in any of the regions, let alone us-east-2. The aws cli account I am using has admin access. Can someone point out what I might be doing wrong and what I must do to restore an AMI from S3?
Hi Andrii, I cannot find the KMS key referenced in the error message in any region. I am looking for the key from the web management console. Is there a spot where keys are stored but not visible through the web management console?
Also, the aws cli creds are that of an administrator (policy AdministratorAccess). Shouldn't administrator already have the right access? Additionally, I have also set inline policy specifically for the ARN in the error message: