Why did my EC2 instance get stopped automatically at Aug 1 2024 3.30 AM by an AWS internal agent in event name RetireGrant?


I am giving the CloudTrail event details below.

Event name - RetireGrant

Event time - August 01, 2024, 03:30:22 (UTC+05:30)

User name - -

Event source - kms.amazonaws.com

Resource type - AWS::KMS::Key

Resource name - arn:aws:kms:ap-south-1:2

I am also providing a few details of it in JSON:

{
  "eventVersion": "1.09",
  "userIdentity": {
    "type": "AWSService",
    "invokedBy": "AWS Internal"
  },
  "eventTime": "2024-07-31T22:00:22Z",
  "eventSource": "kms.amazonaws.com",
  "eventName": "RetireGrant",
  "awsRegion": "ap-south-1",
  "sourceIPAddress": "AWS Internal",
  "userAgent": "AWS Internal",
  "requestParameters": null,

1 Answer
Accepted Answer

The "RetireGrant" event indicates that a grant associated with the KMS key was retired or revoked. This could have happened for a few reasons:

  1. The grant may have reached its expiration date or been manually revoked by an administrator.
  2. The KMS key itself may have been scheduled for retirement or deletion, which would have triggered the revocation of any associated grants.
  3. There may have been a security or compliance-related reason to retire the grant, such as a change in access policies or key usage requirements.
answered a month ago
EXPERT
reviewed a month ago
  • And this does not have anything to do with an EC2 instance being stopped, so perhaps you have the wrong call? EC2 instances being stopped would be the result of a StopInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_StopInstances.html) call. Look through your CloudTrail for a StopInstances call for the instance ID in question, and post the JSON of the event here.

  • As per Max Clements, I was not able to see any stop instance in the CloudTrail at the time the instance stopped. Also, when I started the EC2 instance manually, a CreateGrant event was also created automatically along with the start instance event. The AWS internal agent automatically stopped my instance and didn't start it automatically.
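
The CloudTrail check suggested in the comments, as an added example that is not part of the original thread: it builds a timeline of events around the stop time and marks which ones actually name the instance, so a KMS RetireGrant from "AWS Internal" is not mistaken for the stop request. The records, instance IDs, user name and the 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed CloudTrail records; instance IDs and user name are placeholders,
# not values from the thread.
RECORDS = [
    {"eventTime": "2024-07-31T22:00:22Z", "eventSource": "kms.amazonaws.com",
     "eventName": "RetireGrant", "requestParameters": None,
     "userIdentity": {"type": "AWSService", "invokedBy": "AWS Internal"}},
    {"eventTime": "2024-07-31T21:58:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances",
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0example0000000a"}]}},
     "userIdentity": {"type": "IAMUser", "userName": "example-user"}},
    {"eventTime": "2024-07-30T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances",
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0example0000000b"}]}},
     "userIdentity": {"type": "IAMUser", "userName": "example-user"}},
]

def parse_time(ts):
    # CloudTrail eventTime is UTC in ISO 8601 with a trailing Z.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def named_instances(record):
    """Instance IDs in an EC2 request; empty set when requestParameters is null."""
    params = record.get("requestParameters") or {}
    items = (params.get("instancesSet") or {}).get("items") or []
    return {item.get("instanceId") for item in items}

def caller(record):
    ident = record.get("userIdentity") or {}
    return (ident.get("userName") or ident.get("arn")
            or ident.get("invokedBy") or ident.get("type", "unknown"))

def timeline(records, instance_id, around, window_minutes=30):
    """Events within +/- window_minutes of `around`, oldest first, as
    (eventTime, eventName, caller, names_instance) tuples."""
    center, delta = parse_time(around), timedelta(minutes=window_minutes)
    rows = [(r["eventTime"], r["eventName"], caller(r),
             instance_id in named_instances(r))
            for r in records
            if abs(parse_time(r["eventTime"]) - center) <= delta]
    return sorted(rows)

def stop_calls(records, instance_id, around, window_minutes=30):
    """Only the StopInstances calls that name instance_id."""
    return [row for row in timeline(records, instance_id, around, window_minutes)
            if row[1] == "StopInstances" and row[3]]
```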
