EBS KMS & S3 Access Diagnostic Troubleshooter
Use the interactive troubleshooter below to identify your EBS KMS or S3 access error by symptom, review the raw error log, understand the root cause, and apply the recommended fix.
🚨 Step 1: What specific error symptom are you experiencing?
Please click the most accurate description:
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 1 | EBS createVolume event failure (KMS key disabled) | is disabled. | The AWS KMS key specified for EBS volume encryption is in a disabled state. | N/A |
| 2 | EBS createVolume event failure (KMS key pending import) | is pending import. | The AWS KMS key specified for EBS volume encryption is waiting for key material to be imported. | N/A |
| 3 | EBS attachVolume event failure (KMS key pending deletion) | is pending deletion. | The AWS KMS key used to encrypt the EBS volume is scheduled for deletion, preventing it from being attached to the instance. | N/A |
| 4 | EBS reattachVolume event failure (KMS key pending deletion) | is pending deletion. | AWS attempted to reattach an encrypted volume following routine server maintenance, but the associated KMS key is pending deletion. | N/A |
| 5 | Silent failure during encrypted EBS snapshot copy | "Given key ID is not accessible" | The user attempting the copy lacks DescribeKey permissions on the default CMK or does not have access permissions for the encryption key. | N/A |
| 6 | S3 object download failure using wget | ERROR 403: Forbidden | The requested S3 object is not public and the client lacks the required identity/access permissions to download it. | N/A |