2 Answers
- Newest
- Most votes
- Most comments
1
From How EBS encryption works when the snapshot is encrypted
When you attach the encrypted volume to an instance, Amazon EC2 sends a CreateGrant request to AWS KMS so that it can decrypt the data key.
0
You are invoking "StartInstances" API with your IAM user or Role which has enough privileges on KMS which is the reason EC2 instance is starting all the time with encrypted volumes. If your user ID or Role does not have access to KMS then Ec2 instance will not launch and Ec2 running status will change from Pending to Stopped state every time after starting instance.
answered a year ago
Relevant content
- asked 10 months ago
- AWS OFFICIALUpdated a year ago
- I can't use Amazon EC2 Auto Scaling to launch EC2 instances with encrypted AMIs or encrypted volumesAWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago