CloudWatch error in AWS Management Console launched by PAM

Article ID: 212538

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The AWS Management Console throws errors when CloudWatch is launched.

Cause

For some accounts, the search may redirect to URLs that are not covered by the default access list defined in the "AWS Management Console SSO" service in PAM. The PAM session logs should contain a message whenever a service tries to access a URL that is not allowed. In this case, the URLs involved ended in aws.a2z.com, a valid AWS domain.

Environment

Release: 3.4

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

Adding *.aws.a2z.com to the access list in the PAM service "AWS Management Console SSO" resolved the problem. 

The aws.a2z.com domain is added by default on PAM 3.4.4, 4.0.1 and 4.1. 
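
Before widening the access list, it helps to confirm which requested hosts are actually uncovered and what the new wildcard entry will and will not match. The following is an added example, not code from PAM or from this article: the function names, the sample access list and the sample URLs are constructed, and the wildcard semantics (match on a label boundary only) are an assumption rather than documented PAM behavior.

```python
from urllib.parse import urlsplit


def host_matches(pattern: str, host: str) -> bool:
    """Match a host against one access-list entry.

    Assumed semantics (not taken from PAM documentation): '*.example.com'
    covers any subdomain of example.com on a label boundary; any other
    entry must equal the host exactly.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        # pattern[1:] is ".example.com", so "notexample.com" cannot match.
        return host.endswith(pattern[1:])
    return host == pattern


def uncovered_hosts(access_list, urls):
    """Return the sorted hosts from `urls` that no access-list entry covers."""
    missing = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host and not any(host_matches(p, host) for p in access_list):
            missing.add(host)
    return sorted(missing)


# Constructed sample data: NOT the real default list of the PAM service.
ACCESS_LIST = ["*.amazon.com", "*.amazonaws.com"]
# Constructed URLs standing in for those reported in the PAM session logs.
REQUESTED = [
    "https://console.aws.amazon.com/cloudwatch/home",
    "https://telemetry.example.aws.a2z.com/v1/events",
    "https://aws.a2z.com.lookalike.example/login",  # must stay blocked
]

if __name__ == "__main__":
    print("before:", uncovered_hosts(ACCESS_LIST, REQUESTED))
    print("after: ", uncovered_hosts(ACCESS_LIST + ["*.aws.a2z.com"], REQUESTED))
```

With the wildcard added, only the lookalike host remains uncovered, which is the intended result of a suffix match anchored on a dot.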
