Work In Progressโ
- Its suspected the current bucket policy is blocking access. Customer would work with their AWS team to alter the existing bucket policy or create a bucket without KMS.
Completed Todayโ
- Added Network Policy to allow traffic on port 443. This is the default port S3 listens on.
- Checked and verified IAM permissions within the AWS Console.
- Checked the service account within the cluster and re-annotated.
Issues & Challengesโ
- Multiple attempts were made to upload a file to S3. However, S3 Service consistently responded with a "Permission Denied". After some investigation, it appeared KMS was enabled and blocking access.
Additional Notesโ
Team followed up on a question from the previous session:
- The team discussed the best way to configure connections for transferring files from multiple mainframe jobs to different S3 buckets. The team suggested using different consumers in File Gateway, each with its own bucket, and setting up static or dynamic routes to determine the destination based on file names or other criteria. They also mention the option of having multiple CD (Connect Direct) producers, each with different credentials, to handle the transfers to specific buckets.
The team provided additional documentation on this matter:
https://www.ibm.com/docs/en/b2b-integrator/6.1.2?topic=channels-about-routing
https://www.ibm.com/docs/en/b2b-integrator/6.1.2?topic=channels-about-routing-channel-templates
Trackingโ
- ibm-client-engineering/solution-sfg-aws#17
- This flight log is being submitted via PR "06/05/2023 Documentation"