Symptoms:

   

   User configures network settings of a VM in a VPG to something different from the ZCA network settings, in terms of selected VPC, Subnet, and Security Group.

As a result, recovery to AWS will fail with the following error message:

Unable To Access S3 Bucket {aa} Which Is Required For Recovery Operations. Make Sure The Following Recovery Have Access To S3: VPC ID {yy} , Subnet Id {tt} , Security Group Id {ff}    

 


Cause:

   

   No access from the zImporter instance(s) to the ZCA's S3 bucket because VPC and/or Subnet and/or Security Group configured in the VPG do not have access to the S3 ZCA bucket.

There is no validation in Edit/Create VPG and thus a user will not know recovery to AWS will fail until an attempt is made.    

 


Solution:

       

Workaround

1. Modify the selected VPC, Subnet, and Security Group so they can access the ZCA S3 bucket.

-OR-

2. Choose different network settings that do have access to the ZCA S3 bucket.

In order to setup access to the S3 bucket:

1. Create an S3 endpoint in the VPC.
2. Set the Outbound rules of the Security Group to allow all traffic.

NOTE: This is required because of IAM services that must be reached but no VPC endpoint can be created in AWS currently.