By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Failing in KMS handshake

0

Successfully I ran execute-cmd via aws command on Fargate task instance. But my teammates are running into this error message.

Encountered error while initiating handshake. KMSEncryption failed on client with status 2 error: Failed to process action KMSEncryption: error while creating new KMS service, Error creating new aws sdk session LoadClientTLSCertError: client TLS cert(true) and key(false) must both be provided

Topics
ServerlessContainers
Tags
AWS Fargate
Language
English
AWS-User-2172324
asked 2 years ago1270 views
1 Answer
0

Hi, this issue seems more of KMS key validity issue or permissions. could please refer the documentation[1] and validate the configuration.

Data channel encryption : The communication between your client and the container to which you are connecting is encrypted by default using TLS1.2. It is, however, possible to use your own AWS Key Management Service (KMS) keys to encrypt this data channel. The ECS cluster configuration override supports configuring a customer key as an optional parameter. When specified, the encryption is done using the specified key. Ultimately, ECS Exec leverages the core SSM capabilities described in the SSM documentation.

[1] https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

AWS
SUPPORT ENGINEER
Kiran_K
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content