Symantec Privileged Access Management

  • 1.  Error to mount session recording on S3

    Posted Nov 17, 2022 04:30 AM
    Hi Experts,

    The error below appears when we try to mount session recordings on S3:

    "PAM-CM-0420 = Can't write to S3 bucket, please check bucket permissions."

    We referred to this tech tip - Tech Tip - CA Privileged Access Manager: S3 bucket for session recording or DB backup does not mount after upgrade to PAM 3.X (broadcom.com) and reconfirmed there are no periods in the bucket name.

    Also, we have referred to this KB, Cannot Mount S3 (broadcom.com) - the VPC ID and CIDR are correctly configured.

    Please advise what I should do to resolve the issue.

    Thank you,
    Atifah


  • 2.  RE: Error to mount session recording on S3

    Broadcom Employee
    Posted Nov 17, 2022 11:33 PM
    Hello Atifah,

    Can you share what you see in your AWS as per the resolution provided in the KB article?
    ======

    Ultimately, when deploying a PAM instance in AWS, the instance should have a VPCID associated with it. Then look up the Amazon AWS Security Group for that VPCID, and it should have a CIDR of the network that can access this S3 bucket.

    If we are unable to mount, then the VPCID and the Security Group CIDR permissions for the private network where our PAM Appliance lives have not been set up.

    Example: PAM Instance has a VPC ID = vpc-b00219d7, the Private Network = 172.31.x.x

    If you look up the AWS security group for this VPCID it should have a CIDR of:

    172.31.0.0/16
    ======

    Also, check if the S3 bucket is allowed to accept incoming traffic from CA PAM, and check the firewall settings to see if anything is being blocked.

    The documentation link from CA PAM
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/deploying/deploy-on-an-aws-amazon-machine-image-ami/create-aws-objects.html

    Thanks,
    Reatesh.




  • 3.  RE: Error to mount session recording on S3

    Posted Nov 24, 2022 02:49 AM
    Hi Reatesh,

    Here is the view from the PAM client and the CIDR from the AWS Security Group


    No firewall blocking.
    How can I check if the S3 bucket allows the traffic from CA PAM?

    Thank you,
    Atifah
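
An added example, not part of the thread and not Broadcom's code: a simplified offline check of the two things discussed above, whether the security group for the appliance's VPC carries a CIDR covering the appliance, and whether the bucket policy has a Deny on writes that does not exempt that VPC. The function names, the appliance address `172.31.10.5`, the bucket name and the policy are constructed for illustration; this is not a full IAM policy evaluation.

```python
import ipaddress
from fnmatch import fnmatch

def as_list(value):
    # IAM policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def sg_covers(sg, vpc_id, ip):
    """True if the security group belongs to vpc_id and a rule CIDR contains ip."""
    if sg.get("VpcId") != vpc_id:
        return False
    addr = ipaddress.ip_address(ip)
    rules = sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", [])
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for perm in rules for r in perm.get("IpRanges", []))

def denies_to_review(policy, vpc_id, action="s3:PutObject"):
    """Sids of Deny statements that cover `action` and do not exempt vpc_id."""
    hits = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Deny":
            continue
        actions = as_list(st.get("Action", []))
        if not any(fnmatch(action.lower(), a.lower()) for a in actions):
            continue
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        if vpc_id in as_list(cond.get("aws:SourceVpc", [])):
            continue  # this Deny only hits requests from other VPCs
        hits.append(st.get("Sid", f"statement-{i}"))
    return hits

# Constructed sample data. Shapes follow one entry of
# `aws ec2 describe-security-groups` and the decoded Policy document
# returned by `aws s3api get-bucket-policy`.
SAMPLE_SG = {"VpcId": "vpc-b00219d7",
             "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                "IpRanges": [{"CidrIp": "172.31.0.0/16"}]}]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyOutsideVpc", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringNotEquals": {"aws:SourceVpc": "vpc-0example"}}}]}

if __name__ == "__main__":
    print("SG covers appliance:", sg_covers(SAMPLE_SG, "vpc-b00219d7", "172.31.10.5"))
    print("Deny statements to review:", denies_to_review(SAMPLE_POLICY, "vpc-b00219d7"))
```

A non-empty list from `denies_to_review` points at statements worth reading by hand; a Deny with other conditions is also listed, since this check only recognises the `aws:SourceVpc` exemption.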