CPM may malfunction if security group is misconfigured

CPM may malfunction if the security group is misconfigured.

For example, CPM may respond slowly and time out in the CPM console/GUI when adding backup targets:
ERROR:  policy_add_databases(.\cpmserver\cpm\views.py:3415)  rds.RDSConnection or cpm_describe_db_instances() failed (policy=Linux_backup, region=us-east-1): ('Error', "Failed getting RDS instances (Unknown Exception: HTTPSConnectionPool(host='rds.amazonaws.com', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<botocore.awsrequest.AWSHTTPSConnection object at 0x7f212ee17a10>, 'Connection to rds.amazonaws.com timed out. (connect timeout=60)')))")
...
ERROR:  policy_add_rds_clusters(.\cpmserver\cpm\views.py:3673)  rds.RDSConnection or  get_all_dbinstances failed (policy=Linux_backup, region=us-east-1): exception: HTTPSConnectionPool(host='rds.amazonaws.com', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<botocore.awsrequest.AWSHTTPSConnection object at 0x7f212e5fa7d0>, 'Connection to rds.amazonaws.com timed out. (connect timeout=60)'))
...
ERROR:  policy_add_clusters(.\cpmserver\cpm\views.py:3938)  connect_to_aws() or  describe_clusters() failed (policy=Linux_backup, region=us-east-1): exception: timed out

Publishing SNS alerts or the Daily Summary may fail as well:
ERROR:  send_push_alert_inner(.\cpmserver\cpm\notifications.py:447)  Failed publishing alert: Policy Linux_backup (user: admin, account: AWSbackup) - backup that started at 03/05/2018 01:05:42 AM failed. Last successful backup was at 02/25/2018 11:10:00 PM. Reason: timed out

CPM backups may also fail:
ERROR:  run_snapshots(.\cpmagent\agent.py:1188)  (instance: i-02518a63d4724726b) could not get object from aws. Reason: timed out Exception: timed out
...
ERROR:  do_snapshots(.\cpmagent\agent.py:2006)  policy: Linux_backup. All Snapshots in policy failed!
or
Error - Backup is aborted due to an internal agent error

Solution - Ensure the security group is configured correctly to allow outbound access to AWS endpoints. At a minimum you will need endpoints for the following services: API Gateway, EC2 service, Key Management Service, Redshift service, Relational Database Service (RDS), Security Token Service (STS), Simple Notification Service (SNS), Simple Storage Service (S3) and VPC.

Another possible root cause is a slow or unresponsive proxy.
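
To check the outbound access described in the solution, the following added example (not part of the original article or of CPM) can be run on the CPM server to probe TCP 443 to each listed service and classify the result. It assumes the standard regional hostname pattern <service>.<region>.amazonaws.com, that VPC API calls use the EC2 endpoint, and the region us-east-1 taken from the log lines above; the function names are hypothetical.

```python
import socket
import sys

# Services named in the solution above. Hostnames are an assumption: the
# standard regional pattern <service>.<region>.amazonaws.com. VPC has no
# separate hostname here because its API calls go to the EC2 endpoint.
SERVICES = ["apigateway", "ec2", "kms", "redshift", "rds", "sts", "sns", "s3"]


def endpoints(region):
    """Return the regional endpoint hostnames to probe."""
    return [f"{svc}.{region}.amazonaws.com" for svc in SERVICES]


def probe(host, port=443, timeout=5.0):
    """Attempt one outbound TCP connection and classify the outcome.

    A security group without a matching outbound rule drops packets
    silently, so a blocked endpoint shows up as "timeout" (the same
    symptom as the ConnectTimeoutError entries in the CPM log), not
    as "refused".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns_failure"      # name did not resolve; check VPC DNS
    except (socket.timeout, TimeoutError):
        return "timeout"          # dropped: egress rule, NACL or routing
    except ConnectionRefusedError:
        return "refused"          # path is open but nothing is listening
    except OSError as exc:
        return f"error: {exc}"    # e.g. network unreachable


def check_region(region, timeout=5.0):
    """Probe every endpoint in a region; return {hostname: result}."""
    return {host: probe(host, timeout=timeout) for host in endpoints(region)}


if __name__ == "__main__":
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    results = check_region(region)
    for host, result in results.items():
        print(f"{result:<12} {host}")
    # Non-zero exit when any endpoint is not reachable.
    sys.exit(0 if all(r == "open" for r in results.values()) else 1)
```

The probe connects directly, so when CPM is configured to use a proxy, pass the proxy's host and port to probe() instead to test that path.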