Veeam cannot import an instance from an encrypted volume snapshot due to an AWS limitation where importing encrypted EBS volumes for EC2 instance creation is unsupported.
In the official forum you can see similar error with Veeamers reply as here or here
Hi @turnerse, you may have to find a workaround for this issue. From the links @Andanet shared, this is a limitation from the Veeam‘s Workflow and @Mildur has taken note of this request as you can see. I would suggest assigning additional IAM permissions to the AWS account that veeam uses as described in the referenced link or below:
- kms:DescribeKey
- kms:CreateGrant
- kms:Encrypt / kms:Decrypt
- kms:ReEncrypt*
- kms:GenerateDataKey*
- kms:CreateGrant
Thanks @Andanet and @Iams3le for your response and info. I did add those IAM permissions, but that did not help. I was able to turn off EBS encryption to get past this error. Not ideal, but at least it is a work around.
The restore now runs, but having issues on the “Importing VM (62% done)” step and eventually will get this error “9/27/2025 2:16:29 AM Error Importing VM Error: Failed to import machine to Amazon EC2: CLIENT_ERROR : FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity.”. Any suggestions on what to look at would be appreciated.
Thank you!
Scott
@turnerse - just wanted to follow up and see if you were able to get an answer from this thread? If so please mark the best answer or if you figured it out post the answer then mark that one as the best answer.