When attempting to create a new Service Engine (SE) in AWS Cloud, SE creation fails because the image generation process does not complete successfully.

AWS Cloud

A KMS encryption mismatch between the AWS cloud settings and the Avi controller configuration.

If encryption is enabled on the AWS side, the same encryption settings must be updated under the Avi Cloud configuration to match.

Check the following logs in: /var/lib/avi/log/cc_agent_go_CLOUD_NAME.log   (Replace CLOUD_NAME with the actual cloud name)


Example log entry showing the mismatch:
2025-09-01T07:13:32.430Z    INFO    aws/aws_image.go:393    Image ami-0da4d############ Snapshot snap-0a40f############ encryption mode  KMS mismatch with config nil

This indicates that AWS has encryption enabled, but Avi was configured with encryption mode as NONE.