Actions to be taken when the InstallationStatus item is not displayed (Cloud for AWS)

Virtual Storage Platform One SDS Block and SDS Cloud Troubleshooting Reference

Version: 1.19.x
Part Number: MK-24VSP1SDS029-03
Last edition: 2026-04-07

If, in the AWS Management Console, the Output tab of the root stack does not show an item with the key "InstallationStatus", verify the following.

(a) Verify VPC configuration and Endpoints

Confirm the following for the VPC used to set up VSP One SDS Block.

You can also verify this by running the shell script described later.

  • The DNS resolution and DNS host name settings are enabled for the VPC.
  • The following VPC endpoints have been created.
    • CloudFormation
    • EC2
    • Amazon S3
    • EC2Message
    • SSM
    • SSMMessage
  • The VPC endpoint for Amazon S3 is a Gateway endpoint.
  • For other Interface endpoints, private DNS names are enabled.

You can verify these items by running the following shell script.

On a VM capable of running AWS CLI, such as CloudShell, save the following shell script as a file with any name and execute it. The script also uses the jq command to parse the AWS CLI output.

Enter the region for storage cluster configuration for REGION and the VPC ID for VPC_ID.

In the following shell script example, long command lines are continued on the next line with a trailing "\".

Shell script example:
#!/bin/bash

#Enter the VPC ID and region for deploying the cluster.
REGION="<region-for-storage-cluster-configuration>"
VPC_ID="<VPC-ID>"

value=$(aws ec2 describe-vpc-attribute \
--region "${REGION}" --vpc-id "${VPC_ID}" \
--attribute enableDnsSupport | jq -r '.EnableDnsSupport.Value')
if [ "${value}" = "true" ]; then
  echo "OK. The enableDnsSupport of the VPC(${VPC_ID}) is ${value}"
else
  echo "NG. The enableDnsSupport of the VPC(${VPC_ID}) is ${value}"
fi

value=$(aws ec2 describe-vpc-attribute \
--region "${REGION}" --vpc-id "${VPC_ID}" \
--attribute enableDnsHostnames | jq -r '.EnableDnsHostnames.Value')
if [ "${value}" = "true" ]; then
  echo "OK. The enableDnsHostnames of the VPC(${VPC_ID}) is ${value}"
else
  echo "NG. The enableDnsHostnames of the VPC(${VPC_ID}) is ${value}"
fi

NEEDED_ENDPOINTS=(
          "com.amazonaws.${REGION}.s3"
          "com.amazonaws.${REGION}.ec2"
          "com.amazonaws.${REGION}.ec2messages"
          "com.amazonaws.${REGION}.ssm"
          "com.amazonaws.${REGION}.ssmmessages"
          "com.amazonaws.${REGION}.cloudformation"
    )

found_endpoints=$(aws ec2 describe-vpc-endpoints --region "${REGION}" \
--filters Name=vpc-id,Values="${VPC_ID}" --query VpcEndpoints \
--output json)

for needed_enp in "${NEEDED_ENDPOINTS[@]}"; do
  count=$(echo "${found_endpoints}" | jq 'length')
  has_needed_endpoint=1
  is_correct_setting=1
  if [ "${needed_enp}" = "com.amazonaws.${REGION}.s3" ]; then
    for ((i=0; i<${count}; i++)); do
      endpoint=$(echo "${found_endpoints}" | jq ".[$i]")
      service_name=$(echo "${endpoint}" | jq -r '.ServiceName')
      if [ "${service_name}" = "${needed_enp}" ]; then
        has_needed_endpoint=0
        type=$(echo "${endpoint}" | jq -r '.VpcEndpointType')
        if [ "${type}" = "Gateway" ]; then
          # ID of the matching endpoint, shown in the OK message
          endpoint_id=$(echo "${endpoint}" | jq -r '.VpcEndpointId')
          echo -n "OK. A Gateway type S3 endpoint(${endpoint_id}) "
          echo "has been found."
          is_correct_setting=0
        fi
      fi
    done
    if [ "${has_needed_endpoint}" -eq 1 ]; then
      echo "NG. ${needed_enp} cannot be found."
    else
      if [ "$is_correct_setting" -eq 1 ]; then
        echo "NG. The type of ${needed_enp} is not Gateway."
      fi
    fi
  else
    for ((i=0; i<${count}; i++)); do
      endpoint=$(echo "${found_endpoints}" | jq ".[$i]")
      service_name=$(echo "${endpoint}" | jq -r '.ServiceName')
      if [ "${service_name}" = "${needed_enp}" ]; then
        has_needed_endpoint=0
        
        privateDnsEnabled=$(echo "${endpoint}" | \
        jq -r '.PrivateDnsEnabled')
        if [ "${privateDnsEnabled}" = "true" ]; then
          # ID of the matching endpoint, shown in the OK message
          endpoint_id=$(echo "${endpoint}" | jq -r '.VpcEndpointId')
          echo "OK. ${needed_enp}(${endpoint_id}) has been found."
          is_correct_setting=0
        fi
      fi
    done
    if [ "${has_needed_endpoint}" -eq 1 ]; then
      echo "NG. ${needed_enp} cannot be found."
    else
      if [ "$is_correct_setting" -eq 1 ]; then
        echo "NG. The private DNS name for ${needed_enp} is not enabled."
      fi
    fi
  fi
done

(b) Verify network connectivity to VPC endpoints

Confirm that communication to the VPC endpoint is possible from the network interface of the storage node EC2 instance.

You can use the Reachability Analyzer to verify network reachability from the network interface to the VPC endpoint.

For details about the Reachability Analyzer, see the following website.

https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html

When using the Reachability Analyzer, verify that the following paths are reachable.

  • Path source
    • Source type: Network Interfaces
    • Source:
      • For Single-AZ configuration: The control network interface of the storage node (SN01)*
      • For Multi-AZ configurations: The control network interface of the storage node (tiebreaker node)*
  • Path destination
    • Destination type: VPC Endpoints
    • Destination: Each endpoint
  • Protocol: TCP

* The EC2 instance of the storage node is named <ClusterName>_SN01 (or <ClusterName>_TB for the tiebreaker node). Specify the interface created in the subnet of the control network to which that EC2 instance belongs. To locate the storage node EC2 instance in the CloudFormation stack, navigate the nested stacks from the stack's Resources tab, and find the EC2 instance in the StorageNode01 stack (or StorageNodeTB stack for tiebreaker node).
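
The path check in (b) can also be run from the AWS CLI, creating one Reachability Analyzer path per VPC endpoint and reporting OK or NG in the same style as the script in (a). This script is an added example, not part of the original document. SOURCE_ENI is a placeholder for the ID of the control network interface described in the note above, and the function names are illustrative.

```bash
#!/bin/bash
# Added example. REGION, VPC_ID and SOURCE_ENI are placeholders to fill in.
REGION="<region-for-storage-cluster-configuration>"
VPC_ID="<VPC-ID>"
SOURCE_ENI="<control-network-interface-ID>"  # ENI of <ClusterName>_SN01 or _TB

# Map an analysis Status and NetworkPathFound value (text output) to a verdict.
classify_analysis() {
  local status="$1" found
  found=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "${status}" in
    running)   echo "WAIT" ;;
    succeeded) if [ "${found}" = "true" ]; then echo "OK"; else echo "NG"; fi ;;
    *)         echo "ERROR" ;;
  esac
}

# Create a TCP path from the ENI to one endpoint, analyze it, print the verdict.
check_endpoint() {
  local vpce="$1" path_id analysis_id result verdict i
  path_id=$(aws ec2 create-network-insights-path --region "${REGION}" \
    --source "${SOURCE_ENI}" --destination "${vpce}" --protocol tcp \
    --query 'NetworkInsightsPath.NetworkInsightsPathId' --output text) || return 1
  analysis_id=$(aws ec2 start-network-insights-analysis --region "${REGION}" \
    --network-insights-path-id "${path_id}" \
    --query 'NetworkInsightsAnalysis.NetworkInsightsAnalysisId' --output text) || return 1
  verdict="WAIT"
  for i in $(seq 1 30); do
    result=$(aws ec2 describe-network-insights-analyses --region "${REGION}" \
      --network-insights-analysis-ids "${analysis_id}" \
      --query 'NetworkInsightsAnalyses[0].[Status,NetworkPathFound]' --output text)
    verdict=$(classify_analysis ${result})  # unquoted: split "status<TAB>found"
    [ "${verdict}" != "WAIT" ] && break
    sleep 10
  done
  echo "${verdict}. ${SOURCE_ENI} -> ${vpce} (analysis ${analysis_id})"
}

main() {
  local vpce
  for vpce in $(aws ec2 describe-vpc-endpoints --region "${REGION}" \
      --filters Name=vpc-id,Values="${VPC_ID}" \
      --query 'VpcEndpoints[].VpcEndpointId' --output text); do
    check_endpoint "${vpce}"
  done
}

# Run the checks only when called with the argument "run".
if [ "${1:-}" = "run" ]; then main; fi
```

Each analysis is billed, and the created paths remain in the account until they are removed with aws ec2 delete-network-insights-analysis and aws ec2 delete-network-insights-path.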