BYOC Edge TLS handshake timeout with Terraform state

Configuring BYOC edge nodes via Terraform provider v1.25.0. The genesyscloud_edge_node resource fails during apply with a TLS handshake timeout when the AWS security group blocks port 443 to the Genesys Cloud endpoints. Is it possible to force an unencrypted health check for initial provisioning?

Make sure you check the Terraform provider documentation for the genesyscloud_edge_node resource because forcing an unencrypted health check isn’t supported for BYOC edges due to strict security requirements in the Genesys Cloud architecture. The TLS handshake timeout usually indicates that the outbound connectivity from the AWS instance isn’t reaching the specific Genesys Cloud endpoints required for edge registration, not just port 443. You likely need to whitelist the exact IP ranges listed in the Genesys Cloud Network Requirements guide rather than opening a broad rule. From a workforce management perspective, we see similar connectivity delays when agents try to log in from restricted networks, so the fix is always precise firewall rules. Try using the curl command from the EC2 instance to verify connectivity to api.mypurecloud.com and the edge-specific endpoints before re-running the Terraform apply. If the ports are open but it still times out, check the AWS Security Group inbound rules to ensure they allow traffic from the Genesys Cloud IPs, not just outbound. This approach ensures the edge can establish the secure channel needed for initial provisioning without compromising security standards.
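The curl check suggested in the reply above, expanded into a script as an added example that is not part of the original thread: it uses curl's exit code and its `time_connect` / `time_appconnect` timers to tell a dropped TCP connection (security group, NACL or routing) apart from a TLS handshake that stalls after TCP connects. The function names and result labels are hypothetical; the hostnames to test are passed as arguments and should come from the Genesys Cloud Network Requirements guide.

```shell
#!/bin/sh
# Added example (not from the thread): classify why an HTTPS probe failed.
# Inputs are curl's exit code plus its %{time_connect} / %{time_appconnect}
# timers: time_connect > 0 means the TCP handshake completed,
# time_appconnect > 0 means the TLS handshake completed.

is_positive() {
    awk -v t="$1" 'BEGIN { exit !(t + 0 > 0) }'
}

# classify_probe <curl exit code> <time_connect> <time_appconnect>
classify_probe() {
    rc=$1 tcp=$2 tls=$3
    case "$rc" in
        0)  echo "ok" ;;
        6)  echo "dns-failure" ;;
        7)  echo "tcp-refused-or-unreachable" ;;
        28) if ! is_positive "$tcp"; then
                # No TCP connection: packets dropped by a security group, NACL or route.
                echo "tcp-timeout"
            elif ! is_positive "$tls"; then
                # TCP connected but TLS never finished: interference after connect.
                echo "tls-handshake-timeout"
            else
                echo "timeout-after-tls"
            fi ;;
        35) echo "tls-handshake-error" ;;
        60) echo "certificate-not-trusted" ;;
        *)  echo "other-curl-error-$rc" ;;
    esac
}

probe_endpoint() {
    host=$1
    # curl prints the -w timers even when the transfer fails.
    timers=$(curl -sS -o /dev/null --connect-timeout 10 --max-time 15 \
        -w '%{time_connect} %{time_appconnect}' "https://$host/" 2>/dev/null) \
        && rc=0 || rc=$?
    set -- $timers
    echo "$host: $(classify_probe "$rc" "${1:-0}" "${2:-0}")"
}

# Probe only the hosts named on the command line, e.g.:
#   sh probe.sh api.mypurecloud.com
for h in "$@"; do
    probe_endpoint "$h"
done
```

Run it on the EC2 instance itself so the result reflects that instance's security group, NACL and route table. Certificate verification stays on throughout.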