Wondering how to resolve instance terminated immediately when launched on EC2? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how our Support Techs fix this for customers.
What causes instance terminated immediately when launched on EC2?
Following are some of the causes for instance to terminate.
- You’ve exceeded your EBS volume limits.
- An EBS snapshot is corrupted.
- The root EBS volume has encryption and you do not have permissions to access the KMS key for decryption.
- A snapshot specified in the block device mapping for the AMI has encryption and you do not have permissions to access the KMS key for decryption or you do not have access to the KMS key to encrypt the restored volumes.
- The instance store-backed AMI that you used to launch the instance is missing a required part (an image.part.xx file).
Find the termination reasons using one of the following methods:
To get the termination reason using the Amazon EC2 console
- Firstly, open the Amazon EC2 console.
- In the navigation pane, choose Instances, and select the instance.
- On the first tab, find the reason next to State transition reason.
To get the termination reason using the AWS Command Line Interface
- Use the describe-instances command and specify the instance ID.
aws ec2 describe-instances --instance-idinstance_id - Review the JSON response returned by the command and note the values in the
StateReasonresponse element.The following code block shows an example of aStateReasonresponse element."StateReason": { "Message": "Client.VolumeLimitExceeded: Volume limit exceeded", "Code": "Server.InternalError" },
To get the termination reason using AWS CloudTrail
See Viewing events with CloudTrail event history in the AWS CloudTrail User Guide.
How to resolve instance terminated immediately when launched on EC2?
Today, let us see the steps followed by our Support Techs to resolve it.
Depending on the termination reason, take one of the following actions:
- Client.VolumeLimitExceeded: Volume limit exceeded — Delete unused volumes. You may also need to increase your volume limit.
- Client.InternalError: Client error on launch — Ensure that you have the permissions required to access the AWS KMS keys used to decrypt and encrypt volumes.
Permission that Allows key users to use the CMK
The default key policy that the console creates for symmetric CMKs allows you to choose IAM users and roles in the account, and external AWS accounts, and make them key users.
The console adds two policy statements to the key policy for key users.
- Use the CMK directly — The first key policy statement gives key users permission to use the CMK directly for all supported cryptographic operations for that type of CMK.
- Use the CMK with AWS services — The second policy statement gives key users permission to allow AWS services that are integrated with AWS KMS to use the CMK on their behalf to protect resources, such as Amazon Simple Storage Service buckets and Amazon DynamoDB tables.
[Need help with the troubleshooting? We’d be happy to assist]
Conclusion
In short, today we saw how our Support Techs resolved instance termination issue.
0 Comments