Configuration for Public subnet

For a public subnet you need to ensure the below:

• Subnet which you specified for the DR failover has internet access: This subnet is specified under DR plan > Network Mappings.
  

  To verify if the subnet has internet access: Go to the AWS console > VPC > Subnet > Check if the route table is attached to an internet gateway.

  OR

  We can also try to ping s3 ( s3-<region>.amazonaws.com) and sqs URL (sqs.<region>.amazonaws.com) from an instance in the same subnet.

  For example : 
  S3-us-east-1.amazonaws.com
   sqs.us-east-1.amazonaws.com
  

• Verify if the Auto-Assign IP address is set to Auto-Assign: Go to DR Plan > Virtual Machines > VM Failover Settings >  Network settings. 
  

Configuration for Private subnet

For a private subnet ensure the following:

S3 endpoint is created: 

To create S3 endpoint, go to the target VPC and go to endpoints and create an endpoint.

1. Click on Create Endpoint. 
2. Select AWS services as Service Category. 
3. In the Service Name field search for S3 and you will find the service name.
4. From the VPC dropdown list, select the VPC.
5. From the Configure route tables list select the route table.

SQS endpoint is created: 

To create SQS endpoint go to the target VPC and go to endpoints and create an endpoint.

1. Click on Create Endpoint. 
2. Select AWS services as Service Category. 
3. In the Service Name field search for SQS and you will find the service name.
4. Select the VPC and choose the appropriate Subnet.

For more information, see  Create SQS endpoint for private subnets if sqs is not accessible. 

• Also, if you have a dedicated Security Group, ensure the following for the inbound rules in the security group.

  Inbound
  Source	Type	Protocol	Port Range
  0.0.0.0/0	SSH	TCP	22
  0.0.0.0/0	HTTPS	TCP	443

  By default, all outgoing traffic is allowed. Customers can specify their own settings.