Message 19011: AWS Policy %s missing.

Article ID: 7955

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction

When a user tries to log in to the AWS console using an AWS target account that requires permission to auto-connect and to view the password, the following message is displayed:
“Message 19011: AWS Policy %s missing.”
or
"PAM-CMN-1039 = AWS Policy {0} missing."

Cause

We identified a problem caused by the Password View Policy (PVP) when it includes the “Re-authenticate for Auto-Connect” option.

In this case, access is allowed once the user's password is re-entered. The re-authentication step disconnects the AWS policy ID from the request, which produces the error shown above.

So the policy is not missing; the system has just lost its ID.

 

Environment

CA PAM 2.8.x
CA PAM 3.x

Resolution

The fix is included in release 3.3.

As a workaround, we suggest enabling only dual-auth.
Once the request is approved, the user can access the web portal.