DrDroid

AWS Kinesis KMSDisabledException

The KMS key used for encryption is disabled.

👤

Stuck? Let AI directly find root cause

AI that integrates with your stack & debugs automatically | Runs locally and privately

Download Now

What is AWS Kinesis KMSDisabledException

Understanding AWS Kinesis

AWS Kinesis is a platform on AWS to collect, process, and analyze real-time, streaming data. It allows developers to build applications that can continuously ingest and process large streams of data records in real-time. Kinesis is commonly used for log and event data collection, real-time analytics, and application monitoring.

Identifying the Symptom

When working with AWS Kinesis, you might encounter the KMSDisabledException error. This error typically manifests when you attempt to read from or write to a Kinesis stream that is encrypted with a KMS key that has been disabled. The error message will indicate that the KMS key is not enabled, preventing the operation from proceeding.

Common Error Message

The error message might look like this:

{ "__type": "KMSDisabledException", "message": "The KMS key used for encryption is disabled."}

Explaining the Issue

The KMSDisabledException occurs when the AWS Key Management Service (KMS) key used to encrypt the Kinesis stream is disabled. KMS keys are crucial for securing data in AWS services, and if a key is disabled, any service relying on it for encryption or decryption will fail to operate correctly.

Why Does This Happen?

This issue often arises when a KMS key is intentionally disabled for security reasons or accidentally during key management operations. It is essential to ensure that all keys required for active services are enabled.

Steps to Resolve the Issue

To resolve the KMSDisabledException, you need to enable the KMS key or switch to a different key that is enabled. Follow these steps:

Step 1: Identify the KMS Key

First, identify the KMS key associated with your Kinesis stream. You can find this information in the AWS Management Console under the Kinesis stream settings or by using the AWS CLI:

aws kinesis describe-stream --stream-name

Step 2: Enable the KMS Key

Once you have identified the key, navigate to the AWS KMS console. Locate the key and check its status. If it is disabled, enable it by selecting the key and choosing the 'Enable' option.

Alternatively, you can use the AWS CLI to enable the key:

aws kms enable-key --key-id

Step 3: Verify the Resolution

After enabling the key, test your Kinesis stream operations to ensure that the error is resolved. You should no longer encounter the KMSDisabledException.

Additional Resources

For more information on managing KMS keys, refer to the AWS KMS Developer Guide. To learn more about AWS Kinesis, visit the AWS Kinesis product page.

AWS Kinesis KMSDisabledException

TensorFlow

  • 80+ monitoring tool integrations
  • Long term memory about your stack
  • Locally run Mac App available
Read more

Time to stop copy pasting your errors onto Google!