Hello Eduard. Are you receiving any error messages for the lifecycle policy within Amazon CloudWatch Events or CloudTrail Events?
The following are common reasons that your lifecycle policy is in an error state, or fails to create or copy Amazon Elastic Block Store (Amazon EBS) snapshots:
- The lifecycle policy isn't turned on.
- There are incorrect permissions on the policy.
- You're using an AWS Identity and Access Management (IAM) role other than the default AWSDataLifecycleManagerDefaultRole, and there are issues with trust relationships.
- There are duplicate tags on the policy.
- Your resources are encrypted.
Creating a snapshot lifecycle policy
When creating a snapshot lifecycle policy, to copy all of the user-defined tags from the source volume to the snapshots created by the schedule, select Copy tags from source. To specify additional tags to assign to snapshots created by this schedule, choose Add tags.
The lifecycle policy is in an error state
A lifecycle policy in the error state can be caused by one or more of these issues:
- There is a problem with your resource tags.
- The Amazon Data Lifecycle Manager permissions aren't correct.
- The IAM permissions aren't correct.
In addition, if you're using a custom IAM role, a trust relationship might not be attached to the role.
View information about what caused the error state by checking Amazon CloudWatch Events. The following are common errors and resolutions:
Duplicate tag key
If there are duplicate tags in your lifecycle policy, then a CloudTrail Event similar to the following appears. In the following example, the tag key Name is duplicated in the policy.
CreateSnapshot @2018-12-24T20:25:58.000Z UTC
"errorCode": "Client.InvalidParameterValue",
"errorMessage": "Duplicate tag key 'Name' specified.",
"requestParameters": {
"volumeId": "vol-xxxxxxxxxxxx",
"description": "Created for policy: policy-xxxxschedule: First Schedule",
- Open the Amazon EC2 console.
- Select Lifecycle Manager.
- Select your lifecycle policy, and then choose Actions, Modify Lifecycle Policy.
- In the Tag created EBS snapshots section, change the Key on the duplicated tag to a unique name.
- Select Update policy.
Tag (Name) is already defined in resource id vol-xxxxxxxxxxxx
If a tag that's defined in your lifecycle policy is already in use in a different lifecycle policy, then you might have an issue if:
- The lifecycle policy is in the same account, and
- The lifecycle policy is for the same resource.
In this case, a CloudTrail Event similar to the following appears:
CreateSnapshots
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"eventTime": "2020-01-xxxxxxxx",
"eventSource": "ec2.amazonaws.com",
"eventName": "CreateSnapshots",
"awsRegion": "us-east-1",
"sourceIPAddress": "dlm.amazonaws.com",
"userAgent": "dlm.amazonaws.com",
"errorCode": "Client.InvalidParameterCombination",
"errorMessage": "Tag (Name) is already defined in resource id vol-xxxxxxxx.",
"requestParameters": {
"CreateSnapshotsRequest": {
"Description": "Created for policy: policy-xxxxxxxschedule: Default Schedule",
"InstanceSpecification": {
"ExcludeBootVolume": false,
"InstanceId": "i-xxxxxxx"
},
A volume or instance can have more than one policy associated with it, but tags can't be duplicated across policies. For more information, see Considerations for Amazon Data Lifecycle Manager.
To correct this error, do the following:
- View your lifecycle policies to determine which tag is duplicated.
- Create a new lifecycle policy using a different tag, or edit your current lifecycle policy to use a different tag.
Client.AuthFailure
The "Client.AuthFailure" error might occur if the custom lifecycle policy or the IAM user doesn't have permissions set correctly. The following is an example of a Client.AuthFailure caused by an inaccessible key:
"Client.AuthFailure","errorMessage": "The specified keyId arn:aws:kms:us-west-1:xxxxxxxxxxxxx:key/4ad6a1d7-53ac-45a3-8f08-e6eccc948fdd is not accessible",
For instructions on setting permissions for Amazon Data Lifecycle Manager, see Permissions for Amazon Data Lifecycle Manager.
For instructions on setting permissions for IAM users to use Amazon Data Lifecycle Manager, see Permissions for IAM users.
Please refer to the following documentation for additional information: https://repost.aws/knowledge-center/troubleshoot-data-lifecycle-manager-ebs.
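One way to sort failed snapshot calls into the three error cases the answer above walks through, as an added example that is not part of the original answer or AWS's own code. The record fields follow the CloudTrail excerpts quoted above; the sample records, the `triage` function and the filter on `userAgent` are assumptions made for illustration.

```python
import re

# (cause, errorCode, errorMessage pattern, fix) from the excerpts quoted above.
RULES = [
    ("duplicate_tag_in_policy", "Client.InvalidParameterValue",
     re.compile(r"Duplicate tag key '(?P<tag>[^']+)' specified"),
     "Rename the duplicated key under 'Tag created EBS snapshots'."),
    ("tag_shared_across_policies", "Client.InvalidParameterCombination",
     re.compile(r"Tag \((?P<tag>[^)]+)\) is already defined in resource id (?P<resource>[\w-]+)"),
     "Use a different tag in one of the policies covering this resource."),
    ("kms_key_not_accessible", "Client.AuthFailure",
     re.compile(r"keyId (?P<key>arn:aws:kms:\S+) is not accessible"),
     "Review the Data Lifecycle Manager role permissions for this key."),
]

# Constructed sample records (not real CloudTrail output); IDs are placeholders.
SAMPLE = [
    {"eventName": "CreateSnapshot", "userAgent": "dlm.amazonaws.com",
     "errorCode": "Client.InvalidParameterValue", "errorMessage": "Duplicate tag key 'Name' specified."},
    {"eventName": "CreateSnapshots", "userAgent": "dlm.amazonaws.com", "errorCode": "Client.InvalidParameterCombination",
     "errorMessage": "Tag (Name) is already defined in resource id vol-0123456789abcdef0."},
    {"eventName": "CreateSnapshot", "userAgent": "dlm.amazonaws.com", "errorCode": "Client.AuthFailure",
     "errorMessage": "The specified keyId arn:aws:kms:us-west-1:111122223333:key/EXAMPLE-KEY-ID is not accessible"},
    {"eventName": "CreateSnapshot", "userAgent": "console.amazonaws.com",  # not issued by DLM, skipped
     "errorCode": "Client.AuthFailure", "errorMessage": "Not authorized."},
    {"eventName": "CreateSnapshot", "userAgent": "dlm.amazonaws.com"},  # succeeded, skipped
]

def triage(records):
    """Return one finding per failed CloudTrail record issued by DLM."""
    findings = []
    for rec in records:
        # Assumption: DLM-issued calls carry userAgent dlm.amazonaws.com, as in the excerpt.
        if rec.get("userAgent") != "dlm.amazonaws.com" or "errorCode" not in rec:
            continue
        finding = {"event": rec.get("eventName"), "cause": "unclassified",
                   "details": {}, "fix": "Inspect errorMessage manually."}
        for cause, code, pattern, fix in RULES:
            m = pattern.search(rec.get("errorMessage", ""))
            if rec["errorCode"] == code and m:
                finding.update(cause=cause, details=m.groupdict(), fix=fix)
                break
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["event"], f["cause"], f["details"], "->", f["fix"])
```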
I'm seeing the same issue. Was a solution found?