VCF Ops for Networks fails to connect to AWS data source

Article ID: 413811

Products

VCF Operations for Networks

Issue/Introduction

  • When configuring an AWS data source in VCF Operations for Networks, while the credentials are being validated, an error similar to the following is generated:

    Failed: AWS: Hostname/IP is unreachable.

  • There is a firewall between the collector node and the internet that only allows traffic to some AWS regions.
  • From the collector node, you are able to ping the allowed AWS regions.
  • Messages similar to the following are present in the /var/log/arking/collector.log file on the collector node:

    2025-10-07T18:18:59.000979Z ERROR collector 6490 [netw@4413 class="impl.aws.AwsPermissionsValidator" thread="aws-region-tasks-exec-10" method="verifyRegion" line="327"] exception while ec2.describeInstances for region ap-southeast-1com.amazonaws.SdkClientException: Unable to execute HTTP request: Connect to ec2.ap-southeast-1.amazonaws.com:443 [ec2.ap-southeast-1.amazonaws.com/47.128.6.75] failed: Connect timed out
    Note: These messages are only present for regions that are not allowed through the firewall.

Environment

VCF Operations for Networks

Cause

When validating the credentials, access to all AWS regions is checked. If this check fails for any region, the validation step will fail and the AWS data source cannot be added.

Resolution

This is a known issue affecting VCF Operations for Networks. There is currently no resolution.

To work around this issue, allow access to all AWS regions only during the time that the data source is being configured. Once the data source is configured, the firewall rules affecting AWS region access can be reverted.
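
The following added example (not part of the original article or the product) reads the collector log and lists each AWS region whose EC2 endpoint timed out during credential validation, which shows the regions the firewall is currently blocking. The function names are hypothetical, and the sample log lines other than the one quoted in this article are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): list the AWS regions whose EC2
# endpoint timed out during credential validation, based on collector.log.

# blocked_regions FILE  (hypothetical helper name)
# Prints "<region> <endpoint-host> <timeout-count>", one line per region.
blocked_regions() {
    grep -F 'class="impl.aws.AwsPermissionsValidator"' "$1" |
        grep -F 'Connect timed out' |
        sed -nE 's/.*Connect to (ec2\.([a-z0-9-]+)\.amazonaws\.com):443 .*/\2 \1/p' |
        sort | uniq -c |
        awk '{ print $2, $3, $1 }'
}

# write_sample_log FILE  (hypothetical helper name)
# Constructed sample input. The first line is the excerpt quoted in the
# article; the others are made up (203.0.113.0/24 is a documentation range).
write_sample_log() {
    cat > "$1" <<'EOF'
2025-10-07T18:18:59.000979Z ERROR collector 6490 [netw@4413 class="impl.aws.AwsPermissionsValidator" thread="aws-region-tasks-exec-10" method="verifyRegion" line="327"] exception while ec2.describeInstances for region ap-southeast-1com.amazonaws.SdkClientException: Unable to execute HTTP request: Connect to ec2.ap-southeast-1.amazonaws.com:443 [ec2.ap-southeast-1.amazonaws.com/47.128.6.75] failed: Connect timed out
2025-10-07T18:19:29.000412Z ERROR collector 6490 [netw@4413 class="impl.aws.AwsPermissionsValidator" thread="aws-region-tasks-exec-11" method="verifyRegion" line="327"] exception while ec2.describeInstances for region ap-southeast-1com.amazonaws.SdkClientException: Unable to execute HTTP request: Connect to ec2.ap-southeast-1.amazonaws.com:443 [ec2.ap-southeast-1.amazonaws.com/203.0.113.10] failed: Connect timed out
2025-10-07T18:19:30.000118Z ERROR collector 6490 [netw@4413 class="impl.aws.AwsPermissionsValidator" thread="aws-region-tasks-exec-12" method="verifyRegion" line="327"] exception while ec2.describeInstances for region eu-west-3com.amazonaws.SdkClientException: Unable to execute HTTP request: Connect to ec2.eu-west-3.amazonaws.com:443 [ec2.eu-west-3.amazonaws.com/203.0.113.20] failed: Connect timed out
2025-10-07T18:19:31.000100Z INFO collector 6490 [netw@4413 class="impl.example.Unrelated" thread="main" method="run" line="1"] constructed unrelated message
EOF
}

# Demo on the constructed sample. On a collector node, pass the log file
# named in this article instead of the temporary file.
sample_log=$(mktemp)
write_sample_log "$sample_log"
blocked_regions "$sample_log"
rm -f "$sample_log"
```

Each output line names a regional endpoint on TCP 443 that the collector could not reach at validation time.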

Additional Information

Per Step 8 in Add a Primary AWS Account, after the validation step is completed, you can specify the AWS regions to which your firewall is allowing connections.

AWS Regions