User configures network settings of a VM in a VPG to something different from the ZCA network settings, in terms of selected VPC, Subnet, and Security Group.

As a result, recovery to AWS will fail with the following error message:

Unable To Access S3 Bucket {aa} Which Is Required For Recovery Operations. Make Sure The Following Recovery Have Access To S3: VPC ID {yy} , Subnet Id {tt} , Security Group Id {ff}    




   No access from the zImporter instance(s) to the ZCA's S3 bucket because VPC and/or Subnet and/or Security Group configured in the VPG do not have access to the S3 ZCA bucket.

There is no validation in Edit/Create VPG and thus a user will not know recovery to AWS will fail until an attempt is made.    





1. Modify the selected VPC, Subnet, and Security Group so they can access the ZCA S3 bucket.


2. Choose different network settings that do have access to the ZCA S3 bucket.

In order to setup access to the S3 bucket:

1. Create an S3 endpoint in the VPC.
2. Set the Outbound rules of the Security Group to allow all traffic.

NOTE: This is required because of IAM services that must be reached but no VPC endpoint can be created in AWS currently.