Skip to main content
Question

VBR v12.3.2 Windows agent backup restore to AWS EC2

  • September 27, 2025
  • 4 comments
  • 92 views
T

Hi All,

 

I have a VBR 12.3.2 server running in AWS as an EC2 instance.  Use Windows agent on other EC2s to back them up to an S3 scale-out repository.  The backups work as expected.  I am able to do file level restores with no problems.  When I try to do a restore to EC2 (create a new EC2) I get the following error “Unable to import the instance from an encrypted volume snapshot” when I click Next on the Reason screen.

 

 

I do have it set up to use a helper appliance.  Do you have any thoughts on how to get this working?  The volumes of EC2 that are backed up are encrypted with an AWS-managed key (aws/ebs).  But shouldn’t it be pulling from S3 for the restore?

 

Thanks for any help you can provide.

Scott

    4 comments

    Andanet
    Forum|alt.badge.img+11
    • Andanet
    • Veeam Legend
    • 422 comments
    • September 27, 2025

    Veeam cannot import an instance from an encrypted volume snapshot due to an AWS limitation where importing encrypted EBS volumes for EC2 instance creation is unsupported.

    In the official forum you can see similar error with Veeamers reply as here or here

    Antonio D'Andrea | VMCE 2021 | VMCA 2022 | VMTSP2024 | Veeam Legend | VUG Italy Leader | Object First Ace | VCP6-DCV | I want it written on my tombstone "Please start a restore to the last valid backup"
    Iams3le
    Forum|alt.badge.img+11
    • Iams3le
    • Veeam Legend
    • 1547 comments
    • September 28, 2025

    Hi ​@turnerse, you may have to find a workaround for this issue. From the links ​@Andanet shared, this is a limitation from the Veeam‘s Workflow and ​@Mildur has taken note of this request as you can see. I would suggest assigning additional IAM permissions to the AWS account that veeam uses as described in the referenced link or below:

    - kms:DescribeKey
    - kms:CreateGrant
    - kms:Encrypt / kms:Decrypt
    - kms:ReEncrypt*
    - kms:GenerateDataKey*
    - kms:CreateGrant

    [Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
    T
    • turnerse
    • Author
    • New Here
    • 1 comment
    • September 29, 2025

    Thanks ​@Andanet and ​@Iams3le for your response and info.  I did add those IAM permissions, but that did not help.  I was able to turn off EBS encryption to get past this error.  Not ideal, but at least it is a work around.

     

    The restore now runs, but having issues on the “Importing VM (62% done)” step and eventually will get this error “9/27/2025 2:16:29 AM Error    Importing VM Error: Failed to import machine to Amazon EC2: CLIENT_ERROR : FirstBootFailure: This import request failed because the instance failed to boot and establish network connectivity.”.  Any suggestions on what to look at would be appreciated.

     

    Thank you!

    Scott

    Chris.Childerhose
    Forum|alt.badge.img+21
    • Chris.Childerhose
    • Veeam Legend, Veeam Vanguard
    • 9587 comments
    • October 22, 2025

    @turnerse  - just wanted to follow up and see if you were able to get an answer from this thread? If so please mark the best answer or if you figured it out post the answer then mark that one as the best answer.

    Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech


    Terms & ConditionsAccessibility statement