Databricks Community

xx123 · 4 weeks ago

Hey,

We just established new environment based on AWS. Our first step was to create Cluster but while doing so, we have encountered an error. We tried different policies, configurations and instance types. All resulted in:

Aws Invalid Kms Key State:
The VM was terminated due to invalid KMS key. [details] Client.InvalidKMSKey.InvalidState: Client.InvalidKMSKey.InvalidState: The KMS key provided is in an incorrect state(OnDemand)

Any clues how to fix it? What part of config I did messed up? 🙂

xx123 · 3 weeks ago

Yes, I followed this document and that fixed it. Thanks.

View solution in original post

SP_6721 · 4 weeks ago

Hi @xx123 ,

The error indicates that the AWS KMS key used for encryption is either misconfigured or missing required permissions.

Make sure the KMS key is enabled
Verify that the KMS key and your Databricks workspace are in the same AWS region
Update the key policy to include your Databricks cross-account IAM role with the following permissions:
kms:CreateGrant, kms:Decrypt, kms:GenerateDataKey*, kms:DescribeKey
Ensure the IAM role ARN is properly included in the key policy

xx123 · 3 weeks ago

Yes, I followed this document and that fixed it. Thanks.

Databricks Community

"Aws Invalid Kms Key State" when trying to start new cluster on AWS

Join Us as a Local Community Builder!

Are you part of a Databricks user group in your city/region?

How Unity Catalog Managed Tables Automate Performance at Scale

🚀 INTRODUCING NEW COMBINATIONS! - Monthly Databricks Get Started Days 🚀

Welcome to the North East UK User Group!