EC2/EBS Encryption Gap / Certificate Failure Diagnostic Troubleshooter (Part 2)
Use the interactive troubleshooter below to identify your EC2/EBS encryption gap or certificate failure symptom, review the raw evidence, understand the root cause, and apply the recommended fix.
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 4 | EBS encrypted snapshot copy fails silently due to insufficient KMS key permissions | `"StateMessage": "Given key ID is not accessible"` | The principal attempting to copy the encrypted snapshot lacks the required `DescribeKey` permission for the associated KMS key. | N/A |
| 5 | Insecure default xrdp configuration using a self-signed TLS certificate | `$ sudo openssl req -x509 -sha384 -newkey rsa:3072 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365` | The remote desktop software (xrdp) bundled in the Amazon Linux 2 MATE AMI encrypts sessions using a self-signed certificate by default instead of a CA-issued certificate. | N/A |
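
Because the copy in scenario 4 fails silently, the failure only shows up in the snapshot's `State` and `StateMessage` fields. The following check is an added example, not part of the original page: it scans a DescribeSnapshots-shaped response for failed copies and flags the KMS access signal from the table. The sample response, snapshot IDs, key ARNs and the function name `find_failed_copies` are constructed for illustration.

```python
import json

# Constructed sample shaped like an EC2 DescribeSnapshots response (not real output).
SAMPLE_RESPONSE = json.loads("""
{
  "Snapshots": [
    {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1", "State": "completed", "Encrypted": true,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1"},
    {"SnapshotId": "snap-0bbbbbbbbbbbbbbb2", "State": "error", "Encrypted": true,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-2",
     "StateMessage": "Given key ID is not accessible"},
    {"SnapshotId": "snap-0ccccccccccccccc3", "State": "pending", "Encrypted": true,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1"},
    {"SnapshotId": "snap-0ddddddddddddddd4", "State": "error", "Encrypted": true,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1",
     "StateMessage": "Constructed unrelated failure text"}
  ]
}
""")

# Error signal quoted in the quick reference table (scenario 4).
KMS_ACCESS_SIGNAL = "Given key ID is not accessible"


def find_failed_copies(response):
    """Return one finding per snapshot that is in the error state or carries a StateMessage."""
    findings = []
    for snap in response.get("Snapshots", []):
        message = snap.get("StateMessage") or ""
        if snap.get("State") != "error" and not message:
            continue  # healthy or still in progress
        findings.append({
            "snapshot_id": snap.get("SnapshotId"),
            "state": snap.get("State"),
            "kms_key_id": snap.get("KmsKeyId"),
            "state_message": message,
            # True when the failure matches the KMS key access signal.
            "kms_access_denied": KMS_ACCESS_SIGNAL.lower() in message.lower(),
        })
    return findings


if __name__ == "__main__":
    for finding in find_failed_copies(SAMPLE_RESPONSE):
        tag = "KMS-ACCESS" if finding["kms_access_denied"] else "OTHER"
        print(f'[{tag}] {finding["snapshot_id"]} key={finding["kms_key_id"]} '
              f'msg="{finding["state_message"]}"')
```

For findings flagged as KMS access failures, review the key policy and the copying principal's IAM permissions on the reported `kms_key_id`.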