One of the more challenging failures to debug in AWS occurs when you try to start an EC2 instance that has KMS-encrypted EBS volumes attached, but the key policy of the corresponding CMK does not grant the EC2 service the permissions it needs. We now show warnings in the action view when a selected tag group targets an EC2 instance of this type, so that users can update the policy in their environment.
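
An offline pre-check for the condition described above, as an added example that is not the product's own code: it reports which KMS actions a key policy fails to allow for the role that starts the instances. The role ARN and both key policies are constructed, and the required-action list is an assumption taken from AWS's EBS encryption documentation rather than from this page.

```python
from fnmatch import fnmatchcase

# Assumption: action list follows AWS's EBS encryption documentation; the page names none.
REQUIRED_ACTIONS = [
    "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey",
    "kms:GenerateDataKeyWithoutPlaintext", "kms:ReEncryptFrom", "kms:ReEncryptTo",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _names_principal(stmt, principal_arn):
    """True if the statement's Principal covers the role or its account."""
    parts = principal_arn.split(":")
    account_id = parts[4]
    root = f"arn:{parts[1]}:iam::{account_id}:root"  # root delegates to IAM policies
    principal = stmt.get("Principal", {})
    if principal == "*":
        return True
    aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    return any(p in ("*", principal_arn, root, account_id) for p in aws)

def missing_kms_actions(key_policy, principal_arn):
    """Required actions that no Allow statement grants to principal_arn.
    Simplification: Deny statements, NotAction and Condition blocks are ignored."""
    patterns = []
    for stmt in _as_list(key_policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _names_principal(stmt, principal_arn):
            patterns += [a.lower() for a in _as_list(stmt.get("Action", []))]
    return [a for a in REQUIRED_ACTIONS
            if not any(fnmatchcase(a.lower(), p) for p in patterns)]

# Constructed sample data: hypothetical role ARN and key policies.
ROLE = "arn:aws:iam::111122223333:role/instance-scheduler"
BROKEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadOnlyUse", "Effect": "Allow", "Principal": {"AWS": ROLE},
    "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": BROKEN_POLICY["Statement"] + [{
    "Sid": "AllowVolumeAttach", "Effect": "Allow", "Principal": {"AWS": ROLE},
    "Action": ["kms:CreateGrant", "kms:GenerateDataKey*", "kms:ReEncrypt*"],
    "Resource": "*"}]}

if __name__ == "__main__":
    print("broken:", missing_kms_actions(BROKEN_POLICY, ROLE))
    print("fixed: ", missing_kms_actions(FIXED_POLICY, ROLE))
```

When a statement names only the account root, the key policy delegates the decision to IAM, so the role's identity policy must allow the same actions as well.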