My team and I have recently experienced an odd issue regarding the AWS CLI.
We are trying to use the CLI to start and stop several EC2 instances. While testing commands on single instances we have noticed that it is possible to 'stop-instances' using the CLI, but are unable to 'start-instances' using the CLI. We are able to start instances without any issue from the AWS console.
When attempting to start the instance from the CLI, the state switches from 'stopped' to 'pending', but shortly after it switches back to 'stopped'. The reason for that state is described as 'Client.InternalError: Client error on launch'. The access keys used have access to stop and start instance
(running with dry-run option shows this).
Any ideas?
Best Answer
As Michael has stated in the comments, the issue was permissions.
The only permission required was 'kms:CreateGrant' which has been added to the service user used to run the CLI commands.