RDS Aurora instance in 'Inaccessible-encryption-credentials-recoverable' state, cannot be restarted.

Question

A few days ago, one of my Aurora instances (configured as 5.7.mysql_aurora.2.11.2) entered the 'Inaccessible-encryption-credentials-recoverable' state and stopped functioning. Upon consulting the logs, I noticed that the problem followed another issue: the failure of the reactivation of enhanced monitoring (a reactivation that I did not initiate, but occurred automatically). The encryption key, created and handled by AWS, is still active and functioning, so much so that I am using it on an instance I created from a backup of the one that is no longer working. In the official guide, I read about trying to restart the instance, but in reality, I cannot do it, not even from the terminal. I can only delete it. I would like to ask if anyone has had this same problem, whether it is a problem attributable to AWS, and how it might be prevented. Thank you.

Answer

The encrypted DB instance goes into **inaccessible-encryption-credentials-recoverable** in when the KMS key isn't enabled, or when the Aurora cluster access to a KMS key is revoked,  the state of the instance goes to **inaccessible-encryption-credentials** if it isn't recovered until 7 days where the only available option is to restore from any previous available backups. You can refer [Encrypting a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html#Overview.Encryption.Enabling) for more information.
Hope it helps and if it does, I would appreciate if answer can be accepted so that community can benefit for clarity when searching for similar enquirers in Repost, thank you ;)

RDS Aurora instance in 'Inaccessible-encryption-credentials-recoverable' state, cannot be restarted.

Relevant content