Copy Job failing with "The source snapshot KMS key ... does not exist, is not enabled or you do not have permissions to access it."

[n-i-k-d]

What exactly are you trying to do?

I integrated and applied the terraform-aws-backup modules into my repo (https://github.com/NHSDigital/pathways-client/) and have had the first overnight backup run last night. Upon checking this morning, the copy job failed with the error "The source snapshot KMS key ... does not exist, is not enabled or you do not have permissions to access it."

What have you tried so far?

The source RDS/SQL Server database is encrypted with the default aws/rds AWS Managed Key, which the error message refers to. A couple of options spring to mind, either reconfigure the RDS instance to use a CMK, or (if possible) grant the backup role access to the AMK.
What is the recommended approach for RDS/SQL Server when used with this blueprint?

Output of any commands you have tried

Output of the copy job:
The source snapshot KMS key [arn:aws:kms:eu-west-2:xxxxxxxxxxxx:key/2418b96d-a721-436d-be3c-07279b84a85c] does not exist, is not enabled or you do not have permissions to access it.

Additional context

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Sensitive Information Declaration

• I confirm that neither PII/PID nor sensitive data are included in this form