
CloudWatch error in AWS Management Console launched by PAM


Article ID: 212538


Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The AWS Management Console throws errors when CloudWatch is launched.

Cause

For some accounts, the search may redirect to URLs that are not covered in the default access list defined in the "AWS Management Console SSO" service in PAM. The PAM session logs should have a message if a service tries to access a URL that is not allowed. In this case, it involved URLs ending in aws.a2z.com, a valid AWS domain.

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Adding *.aws.a2z.com to the access list in the PAM service "AWS Management Console SSO" resolved the problem. Review the PAM session logs for any other URLs whose access may be denied.

As of May 2021, the aws.a2z.com domain is scheduled to be added by default in future maintenance and main releases, starting with 3.4.4, 4.0.1 and 4.1. No other domain was identified that should be included by default at this time.
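
For the session log review recommended above, the following added example (not Broadcom or PAM code) checks hostnames copied from the logs against an access list and reports the ones no entry covers. The wildcard semantics, the sample access list and the sample URLs are assumptions constructed for illustration; the PAM log format is not parsed here.

```python
from urllib.parse import urlsplit

# Constructed sample access list, NOT the product default.
ACCESS_LIST = ["*.aws.amazon.com", "*.amazonaws.com"]

# Constructed sample URLs, as if copied by hand from denied-access log messages.
SAMPLE_URLS = [
    "https://console.aws.amazon.com/cloudwatch/home",
    "https://metrics.aws.a2z.com/data",       # constructed hostname
    "https://notaws.a2z.com/",                # lookalike: no label boundary
    "https://aws.a2z.com.example.net/login",  # lookalike: suffix in the middle
]


def host_of(url):
    """Return the lower-cased hostname of a URL or bare host/path, else None."""
    u = url.strip()
    if "://" not in u:
        u = "//" + u  # let urlsplit treat a bare host as the network location
    host = urlsplit(u).hostname
    return host.rstrip(".") if host else None


def covered(host, patterns):
    """Assumed semantics: '*.example.com' matches any subdomain of example.com
    on a label boundary, but not example.com itself; other entries are exact."""
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]  # keeps the leading dot, e.g. ".aws.a2z.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False


def uncovered_hosts(urls, patterns):
    """Sorted, de-duplicated hostnames that no access-list entry covers."""
    hosts = {host_of(u) for u in urls}
    return sorted(h for h in hosts if h and not covered(h, patterns))


if __name__ == "__main__":
    print("before:", uncovered_hosts(SAMPLE_URLS, ACCESS_LIST))
    print("after: ", uncovered_hosts(SAMPLE_URLS, ACCESS_LIST + ["*.aws.a2z.com"]))
```

Hosts still listed after the new entry is added are the ones to investigate rather than allow, since a lookalike name can contain a trusted domain without being a subdomain of it.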
