If you have configured a subscription and are getting an errorthat looks like the image below, most likely the permissions in the IAM credentials need to be adjusted.
NOTE: If your S3 bucket is encrypted, make sure CH Role has the right permissions to write to the S3. Once you have confirmed that proper permissions are configured continue with the steps below.
Please follow the help docs for S3 bucket subscriptions to resolve the issue. Tasks 3 and 4 in Step 1 show the IAM snippet that needs to be added:
-
In the AWS Console, select Services > IAM. From the left menu, select Policies and locate the IAM Access Policy you are using for the CloudHealth platform.
-
In the Permissions tab, click JSON and paste the following policy snippet. In this snippet,
cht-subscriptions
is the name of the S3 bucket you created. Replace this string with your bucket name.{ "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::cht-subscriptions", "arn:aws:s3:::cht-subscriptions/*" ] },
Click Save.
Through this policy snippet, your IAM credentials are used to write report subscriptions from the CloudHealth Platform to the S3 bucket