I’m trying to restore backups from my S3 object storage as EC2 instances in AWS. I’m receiving this error after the EBS snapshot is created:
Importing VM Error: Failed to import machine to Amazon EC2: Using an encrypted snapshot as input is not supported
The reason for this is the “Always encrypt new EBS volumes” setting, which unfortunately is mandatory in my company.
Is there a way to work around this?
Best answer by pampelix
Ok, I can shed some light on this now.
The way the process works is:
- Veeam creates a proxy instance
- attaches an EBS volume to the proxy instance
- reads backup block data from S3 and writes it to the EBS volume
- takes a snapshot of the EBS volume
- imports the EBS volume into an AMI, converting from vmdk format.
- launch the AMI as new EC2 instance with all the recovered backup data.
The problem in my particular case is in the second to last step. That’s done via a call to AWS CLI: import-image, and that fails if the EBS snapshot is encrypted.
Unfortunately, in my case that’s a default setting I can’t change, all EBS volumes are encrypted by default in my company. So the error lies actually in AWS, not in Veeam.
+11Hello
Hi
Thanks for the link. I’ve seen that page before, but it seems to be talking about different use cases, and a different product.
Anyway, I made sure all mentioned permissions are in place, and I’m still seeing the same error.
Thoughts?
+11Hi
Ok, I can shed some light on this now.
The way the process works is:
- Veeam creates a proxy instance
- attaches an EBS volume to the proxy instance
- reads backup block data from S3 and writes it to the EBS volume
- takes a snapshot of the EBS volume
- imports the EBS volume into an AMI, converting from vmdk format.
- launch the AMI as new EC2 instance with all the recovered backup data.
The problem in my particular case is in the second to last step. That’s done via a call to AWS CLI: import-image, and that fails if the EBS snapshot is encrypted.
Unfortunately, in my case that’s a default setting I can’t change, all EBS volumes are encrypted by default in my company. So the error lies actually in AWS, not in Veeam.
+11Ok, I can shed some light on this now.
The way the process works is:
- Veeam creates a proxy instance
- attaches an EBS volume to the proxy instance
- reads backup block data from S3 and writes it to the EBS volume
- takes a snapshot of the EBS volume
- imports the EBS volume into an AMI, converting from vmdk format.
- launch the AMI as new EC2 instance with all the recovered backup data.
The problem in my particular case is in the second to last step. That’s done via a call to AWS CLI: import-image, and that fails if the EBS snapshot is encrypted.
Unfortunately, in my case that’s a default setting I can’t change, all EBS volumes are encrypted by default in my company. So the error lies actually in AWS, not in Veeam.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
