EC2/EBS Encryption Gap / Certificate Failure Diagnostic Troubleshooter (Part 1)
Use the interactive troubleshooter below to identify your EC2/EBS encryption gap or certificate failure symptom, review the raw evidence, understand the root cause, and apply the recommended fix.
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 1 | EBS volume creation failure due to a disabled KMS key | `"event": "createVolume"`, `"result": "failed"`, `"cause": "arn:aws:kms:sa-east-1:0123456789ab:key/... is disabled."` | The AWS KMS key provided for EBS volume encryption is in a disabled state. | N/A |
| 2 | EBS volume creation failure due to a KMS key pending import | `"event": "createVolume"`, `"result": "failed"`, `"cause": "arn:aws:kms:sa-east-1:0123456789ab:key/... is pending import."` | The AWS KMS key specified for encrypting the new EBS volume is still pending the import of its key material. | N/A |
| 3 | EBS volume attach/reattach failure due to a KMS key pending deletion | `"event": "attachVolume"`, `"result": "failed"`, `"cause": "arn:aws:kms:us-east-1:0123456789ab:key/... is pending deletion."` | The AWS KMS key used to encrypt the existing EBS volume is scheduled for deletion, causing the attach operation to fail. | N/A |
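
The three signals in the table differ only in the event name and the key state at the end of the `cause` string, so they can be triaged mechanically. The following is an added example, not part of the original troubleshooter: it classifies newline-delimited JSON records carrying the `event`, `result` and `cause` fields shown above and reports the affected key ARN and region. Assumptions: the sample records are constructed, `EXAMPLE-KEY-ID` is a placeholder for the key ID the table elides, and `reattachVolume` is mapped to scenario 3 on the strength of the "attach/reattach" wording.

```python
import json
import re

# "cause" format as shown in the table: "<KMS key ARN> is <state>."
CAUSE_RE = re.compile(
    r"^(?P<arn>arn:aws:kms:(?P<region>[a-z0-9-]+):[0-9a-z]+:key/\S+)"
    r" is (?P<state>disabled|pending import|pending deletion)\.$"
)
# Table row number keyed by (event, key state).
SCENARIOS = {
    ("createVolume", "disabled"): 1,
    ("createVolume", "pending import"): 2,
    ("attachVolume", "pending deletion"): 3,
    ("reattachVolume", "pending deletion"): 3,  # assumption, see lead-in
}

def classify(record):
    """Return a finding for a failed event blamed on KMS key state, else None."""
    if not isinstance(record, dict) or record.get("result") != "failed":
        return None
    m = CAUSE_RE.match(str(record.get("cause") or ""))
    if not m:
        return None  # failed for a reason unrelated to key state
    event = record.get("event")
    return {"scenario": SCENARIOS.get((event, m["state"])), "event": event,
            "key_state": m["state"], "key_arn": m["arn"], "region": m["region"]}

def scan(lines):
    """Classify newline-delimited JSON records, skipping unparsable lines."""
    findings = []
    for line in lines:
        try:
            finding = classify(json.loads(line))
        except json.JSONDecodeError:
            continue
        if finding:
            findings.append(finding)
    return findings

# Constructed sample records; EXAMPLE-KEY-ID is a placeholder, not a real key ID.
SAMPLE = [
    '{"event": "createVolume", "result": "failed", "cause": "arn:aws:kms:sa-east-1:0123456789ab:key/EXAMPLE-KEY-ID is disabled."}',
    '{"event": "createVolume", "result": "failed", "cause": "arn:aws:kms:sa-east-1:0123456789ab:key/EXAMPLE-KEY-ID is pending import."}',
    '{"event": "attachVolume", "result": "failed", "cause": "arn:aws:kms:us-east-1:0123456789ab:key/EXAMPLE-KEY-ID is pending deletion."}',
    '{"event": "createVolume", "result": "available", "cause": ""}',
    'truncated {"event": ',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

A finding whose `scenario` is `None` means the key state was recognised but on an event the table does not list, which is worth reviewing by hand.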