Symptoms:
User configures network settings of a VM in a VPG to something different from the ZCA network settings, in terms of selected VPC, Subnet, and Security Group.
As a result, recovery to AWS will fail with the following error message:
Unable To Access S3 Bucket {aa} Which Is Required For Recovery Operations. Make Sure The Following Recovery Have Access To S3: VPC ID {yy} , Subnet Id {tt} , Security Group Id {ff}
Cause:
No access from the zImporter instance(s) to the ZCA's S3 bucket because VPC and/or Subnet and/or Security Group configured in the VPG do not have access to the S3 ZCA bucket.
There is no validation in Edit/Create VPG and thus a user will not know recovery to AWS will fail until an attempt is made.
Solution:
Workaround
1. Modify the selected VPC, Subnet, and Security Group so they can access the ZCA S3 bucket.
-OR-
2. Choose different network settings that do have access to the ZCA S3 bucket.
In order to setup access to the S3 bucket:
1. Create an S3 endpoint in the VPC.
2. Set the Outbound rules of the Security Group to allow all traffic.
NOTE: This is required because of IAM services that must be reached but no VPC endpoint can be created in AWS currently.