We have deployed it in the eu-west-2 region and it is all running on a single network called PAS, which is split across the 3 AZs in London. We've checked the security groups that are attached, and it has TCP access to the entire VPC CIDR block.
We are using Route53 private zones to resolve our DNS, but when we run the command you provided we get this result:
Invoke-WebRequest : The remote name could not be resolved: 'api.sys.<URL>'
At line:1 char:1
+ Invoke-WebRequest -UseBasicParsing https://api.sys.<URL> ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
I have also tried pinging the cloud controller directly using its private IP address, and I am getting TCP connect errors.
I've run the errands manually using the bosh command, and it looks like one of the instances can communicate 😕 but the other 2 can't. The one that can connect is running in eu-west-2a; we have cloud controllers running in eu-west-2a and 2b. It's weird, it seems like the ones running in 2b and 2c can't resolve the private hosted zone.
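One way to separate a DNS problem from a network-path problem per AZ is to run the same checks on a VM in each of 2a, 2b and 2c and compare the output. The script below is an added example for this thread, not code from the original poster or from Pivotal, and it is written for the PowerShell host the Invoke-WebRequest error above came from. The system domain, VPC CIDR, cloud controller IPs and port are placeholders (assumptions) that need to be replaced with the real values; the resolver address 169.254.169.253 is the fixed alternate address of the Amazon-provided VPC DNS, which is what a Route53 private hosted zone is served through.

```powershell
# Added diagnostic example (not from the original post). Run on one VM per AZ.
param(
    # Assumptions: replace these with your PAS system domain, VPC CIDR and cloud controller IPs.
    [string]   $SystemDomain        = 'sys.example.com',
    [string]   $VpcCidr             = '10.0.0.0/16',
    [string[]] $CloudControllerIps  = @('10.0.1.10', '10.0.2.10'),
    # Assumption: 443 is what Invoke-WebRequest used; a direct connection to the
    # cloud controller VM may need that VM's own listener port instead.
    [int]      $Port                = 443
)

$ApiHost   = "api.$SystemDomain"
# Amazon-provided DNS answers at VPC network address + 2 and at this fixed link-local address.
$AmazonDns = '169.254.169.253'

# 1. Which resolver is this instance actually configured to use?
#    If it is not the Amazon-provided DNS, a private hosted zone cannot resolve here.
$configured = (Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
"Instance DNS servers : $($configured -join ', ')"
"VPC CIDR             : $VpcCidr (Amazon DNS is network address + 2, or $AmazonDns)"

# 2. Resolve the API host twice: via the configured resolver, then explicitly via Amazon DNS.
#    configured fails / Amazon succeeds -> instance DNS settings are wrong.
#    both fail                          -> zone not associated with this VPC, or
#                                          enableDnsSupport / enableDnsHostnames not set on the VPC.
foreach ($server in @($null, $AmazonDns)) {
    $label  = if ($server) { $server } else { 'configured resolver' }
    $params = @{ Name = $ApiHost; Type = 'A'; ErrorAction = 'Stop' }
    if ($server) { $params.Server = $server }
    try {
        $answers = Resolve-DnsName @params | Where-Object { $_.Type -eq 'A' }
        "{0,-20} -> {1} = {2}" -f $label, $ApiHost, ($answers.IPAddress -join ', ')
    } catch {
        "{0,-20} -> {1} FAILED: {2}" -f $label, $ApiHost, $_.Exception.Message
    }
}

# 3. Is the TCP path to the cloud controllers open regardless of DNS?
#    Resolution OK but TCP blocked points at security groups / NACLs / routing, not Route53.
foreach ($ip in $CloudControllerIps) {
    $r = Test-NetConnection -ComputerName $ip -Port $Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'blocked or unreachable' }
    "{0,-20} TCP/{1} {2}" -f $ip, $Port, $state
}
```

Reading the output side by side: if the 2b and 2c VMs list a different DNS server from the 2a VM, or fail via the configured resolver but succeed via 169.254.169.253, the fault is in the instance DNS configuration rather than in Route53. If every resolver fails on 2b and 2c but not on 2a, compare the VPC association of the private hosted zone and the VPC's enableDnsSupport and enableDnsHostnames settings, both of which must be true for private zones to resolve. If names resolve everywhere but the TCP test fails, the security group rule covering the VPC CIDR is not what is actually in the path and the NACLs and route tables of the 2b and 2c subnets are the next thing to check.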