Problem description
Backup fails at during Indexing in CloudRanger with the Error:
Instance terminated early - please ensure FLS Network settings allow s3 connectivity for the indexer instances
Backups may fail with the Error above when you have enabled the feature 'Index all Backups' in your Account Settings in CloudRanger.
You can see the location where to enable or disable the feature ‘Index all Backups’ on the picture below:
When the feature 'Index all Backups' is enabled in your Account Settings in CloudRanger, an additional step is performed towards the end of each Backup that runs in CloudRanger.
This additional Step consists of indexing all Backups located on Amazon S3 after they are created.
Enabling the feature 'Index all Backups' allows users to perform File-Level Search (FLS) to search file systems within snapshots on your Backups sitting in Amazon S3.
This allows users to search files to confirm whether files exist in the Backup or if they have been deleted.
Note that the File Level Search feature is optional and does not impact your ability to perform a File-Level Restore in CloudRanger if needed.
For more information on the feature 'Index all Backups' please take a look at the article below:
Cause
This problem occurs when you have enabled the feature 'Index all Backups' in your Account Settings in CloudRanger but you do not meet the Network requirements for File Indexing.
During the File Indexing step, CloudRanger deploys temporary EC2 instances in a subnet within the VPC where your Backup Data is located in your AWS account.
These EC2 instances are called Indexer Instances and are used to perform the File Search during Backups. They are terminated when the Backup completes in CloudRanger.
For FLS indexing it is a requirement in AWS that the Subnet where these Indexer Instances are deployed, resides in a VPC that has outbound access to Amazon S3.
When the Indexer Instances are deployed in a subnet that does not have outbound access to Amazon S3, you receive the Error specified above.
Resolution
To resolve this problem and allow your Backups to run successfully you can choose one (01) of the options listed below:
Disable the feature 'Index all Backups' in your Account Settings in CloudRanger if File Indexing is not needed by unchecking the box 'Index all Backups' in your Account Settings.
For the following 2 options you will need to manually choose in which Subnet you want the Indexer EC2 instances to be deployed during the File Indexing step of the Backup.
Note that when no Subnet is specified, CloudRanger will try to use the Default Subnet, if available.
You can see the location where to select the Subnet on the picture below:
Use a public subnet which has public Internet access.
Using a public subnet will allow Indexer EC2 instances to access Amazon S3.
Use a private subnet
You may use a private subnet located in a VPC that has an S3 Endpoint to allow S3 access
ORYou may use a private subnet with an Internet Gateway, NAT Gateway, NAS device, or other that allows Amazon S3 access.
How to add an S3 endpoint to your VPC.
Go to VPC Management in the AWS Console AWS VPC
Choose endpoints from the left menu bar
Click create endpoint
For service name - choose 'com.amazonaws.[your-region].s3'
Select a VPC containing a subnet you wish to use for the FLS indexer instance.
Select a route table associated with your subnet
Click Create Endpoint.
You can find more information about the Amazon S3 access on the Amazon article below: https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/