Troubleshooting Failed Volume Attachment for Encrypted Cold HDD Amazon EBS with m5.large EC2 Instance

Possible Reason for Failed Volume Attachment: Encryption Incompatibility

Question

The Development Team is planning to use an encrypted Cold HDD Amazon EBS volume with an existing m5.large Amazon EC2 instance for storing application data.

While attaching this volume to the Amazon EC2 instance, the attachment fails, and you have been asked to troubleshoot the issue. What could be a possible reason for this issue?

Answers

Explanations


A. B. C. D.

Correct Answer: D.

The CMK used to encrypt the Amazon EBS volume must be in the Enabled state; otherwise, attaching the encrypted Amazon EBS volume to an Amazon EC2 instance fails.

Option A is incorrect as all EBS volumes support encryption.

Option B is incorrect as all current generation EC2 instances support encryption.

Option C is incorrect as using the default key will not affect volume attachment to Amazon EC2 instances.

For encryption, either the default key or a custom key can be used.

For more information on Amazon EBS encryption, refer to the following URL:

https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html
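One way to run the key-state check from the explanation for answer D before attaching a volume, as an added example that is not part of the original page. It takes boto3 EC2 and KMS clients and uses only `describe_volumes` and `describe_key`; the stub clients, volume IDs and key ARN are constructed so the block runs offline.

```python
# Added example: verify the KMS key behind an encrypted EBS volume before attaching it.
# ec2 / kms are boto3 clients, e.g. boto3.client("ec2") and boto3.client("kms").

def check_volume_key(ec2, kms, volume_id):
    """Return (ok, reason): can the volume's KMS key be used for attachment?"""
    vol = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    if not vol.get("Encrypted"):
        return True, "volume is not encrypted, no KMS key involved"
    key_id = vol["KmsKeyId"]
    meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
    # KeyManager is "AWS" for the AWS managed aws/ebs key, "CUSTOMER" for a custom key.
    owner = "AWS managed" if meta.get("KeyManager") == "AWS" else "customer managed"
    state = meta["KeyState"]
    if state != "Enabled":
        return False, f"{owner} key {key_id} is {state}; it must be Enabled to attach"
    return True, f"{owner} key {key_id} is Enabled"


# --- Constructed stand-ins for the boto3 clients so the example runs offline ---
class StubEC2:
    def __init__(self, volumes):
        self.volumes = volumes

    def describe_volumes(self, VolumeIds):
        return {"Volumes": [self.volumes[v] for v in VolumeIds]}


class StubKMS:
    def __init__(self, keys):
        self.keys = keys

    def describe_key(self, KeyId):
        return {"KeyMetadata": self.keys[KeyId]}


KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-CONSTRUCTED-KEY"  # constructed
SAMPLE_EC2 = StubEC2({
    "vol-0constructed01": {"VolumeType": "sc1", "Encrypted": True, "KmsKeyId": KEY},
    "vol-0constructed02": {"VolumeType": "sc1", "Encrypted": False},
})

if __name__ == "__main__":
    for key_state in ("Disabled", "Enabled"):
        kms = StubKMS({KEY: {"KeyState": key_state, "KeyManager": "CUSTOMER"}})
        print(key_state, "->", check_volume_key(SAMPLE_EC2, kms, "vol-0constructed01"))
```
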

The possible reason for the failed attachment of an encrypted Cold HDD Amazon EBS volume to an existing m5.large Amazon EC2 instance could be:

B. Instance type m5.large Amazon EC2 Instances do not support encrypted EBS volume.

This answer is correct because not all Amazon EC2 instances support encrypted EBS volumes. The m5.large instance type supports encrypted EBS volumes, but only if the instance is launched in an Availability Zone that supports Elastic Block Store encryption. If the instance is launched in an Availability Zone that does not support EBS encryption, attaching an encrypted volume will fail.

A. "Volume type Cold HDD volume type does not support encryption" is incorrect. Amazon EBS volumes can be encrypted regardless of their type.

C. "Default KMS key is used for encryption of Amazon EBS volumes" is also incorrect. The default KMS key is used for encryption of EBS volumes only if no customer-managed CMK is specified.

D. "CMK key status used for encryption is in disabled state" is also incorrect. If the CMK key status is disabled, the encryption process would fail, but it wouldn't prevent the volume from being attached to the instance.

In conclusion, the correct answer is B. The m5.large Amazon EC2 instance type does not support encrypted EBS volumes if the instance is launched in an Availability Zone that does not support EBS encryption.