AWS CVO disk wrong KMS key being selected
- Views:
- 29
- Visibility:
- not set
- Votes:
- 0
- Category:
- cloud-volumes-ontap-cvo
- Specialty:
- amazon_web_service
- Last Updated:
Applies to
- Cloud Volumes ONTAP (CVO)
- AWS
Issue
After modifying EBS disk tags in AWS, some CVO disks are encrypted with the default AWS KMS key instead of the intended customer-managed KMS key (CMK).
Cause
CVO provisioning code relying on the first volume in the list to determine the KMS key, which might be the default AWS key instead of the customer-managed key (CMK).
Solution
Deploy new CVO and migrate data.
OR
Please contact NetApp Technical Support or log into the NetApp Support Site to create a case. Reference this article for further assistance.
Partner Notes
partnerNotes_text
Additional Information
additionalInformation_text
Internal Notes
Workaround:
If immediate migration is not possible, consider the following (with caution and after thorough testing in a non-production environment):
- Add a new disk via NetApp Console/Cloud Manager, explicitly selecting the customer-managed CMK.
- Take a snapshot of an affected disk, then create a new volume from that snapshot using the correct CMK.
Note: These workarounds are not guaranteed in all scenarios and may have side effects. They must be tested thoroughly before production use. Modifying tags directly may further disrupt disk recognition and is not recommended without guidance from NetApp support.
