Symantec Privileged Access Management

 View Only
  • 1.  Error to mount session recording on S3

    Posted 16 days ago
    Hi Experts,

    Below error prompted when try to mount session recordings on S3

    "PAM-CM-0420 = Can't write to S3 bucket, please check bucket permissions."

    We did refer to this tech tip - Tech Tip - CA Privileged Access Manager: S3 bucket for session recording or DB backup does not mount after upgrade to PAM 3.X (broadcom.com) and reconfirm there is no periods in the bucket name.

    Also, we have referred on this KB Cannot Mount S3 (broadcom.com) - the VPC ID and CIDR correctly configured.

    Please advise what should I do to resolve the issue.

    Thank you,
    Atifah


  • 2.  RE: Error to mount session recording on S3

    Broadcom Employee
    Posted 15 days ago
    Hello Atifah,

    Can you share what you see in your AWS as per the resolution provided in the KB article?
    ======

    Ultimately when deploying a PAM instance in AWS, the instance should have a VPCID associated with it.  Then lookup the Amazon AWS Security Group for that VPCID and it should have a CIDR off the network who can access this s3 bucket.

    If we are unable to mount than the VPCID and the Security Group CIDR permissions for the private network where our PAM Appliance lives - has not been setup.

    Example: PAM Instance has a VPC ID = vpc-b00219d7 the Private Network =172.31.x.x

    If you lookup the AWS security group for this VPCID it should have a CIDR of:

    172.31.0.0/16
    ======

    Also, check if the S3 bucket is allowed to accept incoming traffic from CA PAM, and check the firewall setting if any is being blocked.

    The documentation link from CA PAM
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/deploying/deploy-on-an-aws-amazon-machine-image-ami/create-aws-objects.html

    Thanks,
    Reatesh.




  • 3.  RE: Error to mount session recording on S3

    Posted 9 days ago
    Hi Reatesh,

    Here is the view from PAM client and the CIDR from AWS Security Group


    No firewall blocking.
    How can I check if the S3 bucket allow the traffic from CA PAM?

    Thank you,
    Atifah