
ha_aws enforcing s3 encryption

Hi,

I'm trying to deploy a Sophos UTM solution via a CloudFormation template. The requirement is to enforce server-side encryption for the S3 bucket to which the files are dumped, which is done using a bucket policy.

Currently ha_aws bogs out with:

E, [2016-05-06T14:29:27.299850 #1635] ERROR -- : CloudManager::Infrastructure::DataService::Confd crashed!
AWS::S3::Errors::AccessDenied: Access Denied

I have made a Ruby script on that box to prove that I get access denied when writing without encryption; enabling server_side_encryption in the script fixes the issue. Is anyone able to point out how to configure UTM to use the encryption?

Full error:

E, [2016-05-06T14:29:27.299850 #1635] ERROR -- : CloudManager::Infrastructure::DataService::Confd crashed!
AWS::S3::Errors::AccessDenied: Access Denied
        /usr/lib/ruby/gems/2.0.0/gems/aws-sdk-1.49.0/lib/aws/core/client.rb:375:in `return_or_raise'
        /usr/lib/ruby/gems/2.0.0/gems/aws-sdk-1.49.0/lib/aws/core/client.rb:476:in `client_request'
        (eval):3:in `put_object'
        /usr/lib/ruby/gems/2.0.0/gems/aws-sdk-1.49.0/lib/aws/s3/s3_object.rb:1754:in `write_with_put_object'
        /usr/lib/ruby/gems/2.0.0/gems/aws-sdk-1.49.0/lib/aws/s3/s3_object.rb:609:in `write'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/common/domain/model/bookkeeper.rb:50:in `block in save'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/common/domain/model/network_retry.rb:17:in `with_retry_on_network_errors'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/common/domain/model/bookkeeper.rb:50:in `save'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/common/domain/model/bookkeeper.rb:32:in `set'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/domain/model/backup_collection.rb:64:in `_initialize'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/domain/model/backup_collection.rb:26:in `initialize'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/infrastructure/backup_collection/confd.rb:9:in `initialize'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/domain/model/data_service.rb:128:in `new'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/domain/model/data_service.rb:128:in `collection='
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/domain/model/data_service.rb:25:in `initialize'
        /usr/lib/ruby/vendor_ruby/2.0.0/i686-linux/cloud-manager/infrastructure/data_service/confd.rb:14:in `initialize'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/calls.rb:25:in `public_send'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/calls.rb:25:in `dispatch'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/calls.rb:67:in `dispatch'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/actor.rb:322:in `block in handle_message'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/actor.rb:416:in `block in task'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/tasks.rb:55:in `block in initialize'
        /usr/lib/ruby/gems/2.0.0/gems/celluloid-0.15.2/lib/celluloid/tasks/task_fiber.rb:13:in `block in create'
D, [2016-05-06T14:29:27.301350 #1635] DEBUG -- : Terminating 11 actors...
E, [2016-05-06T14:29:37.302980 #1635] ERROR -- : Couldn't cleanly terminate all actors in 10 seconds!
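
Why a bucket policy that enforces server-side encryption turns the `put_object` in the trace above into AccessDenied, as an added example that is not part of the original post and is not Sophos or AWS code. The policy, the bucket name `example-utm-bucket`, the object key and all helper names are constructed for illustration; the evaluator handles only the two condition operators this policy uses.

```ruby
require 'json'

# Constructed policy (not from the post): deny s3:PutObject unless the request
# carries x-amz-server-side-encryption: AES256. Bucket name is a placeholder.
POLICY = JSON.parse(<<~JSON)
  { "Version": "2012-10-17", "Statement": [
    { "Sid": "DenyWrongAlgorithm", "Effect": "Deny", "Principal": "*",
      "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-utm-bucket/*",
      "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } },
    { "Sid": "DenyMissingHeader", "Effect": "Deny", "Principal": "*",
      "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-utm-bucket/*",
      "Condition": { "Null": { "s3:x-amz-server-side-encryption": "true" } } } ] }
JSON

# Only the two condition operators used above. A negated operator such as
# StringNotEquals also matches when the key is absent from the request.
OPERATORS = {
  'StringNotEquals' => ->(actual, expected) { actual.nil? || actual != expected },
  'Null'            => ->(actual, expected) { actual.nil? == (expected == 'true') }
}.freeze

def resource_match?(pattern, arn)
  pattern.end_with?('*') ? arn.start_with?(pattern.chomp('*')) : pattern == arn
end

# Sids of every Deny statement that matches the request.
def matching_denies(policy, action, arn, context)
  hits = policy['Statement'].select do |stmt|
    next false unless stmt['Effect'] == 'Deny' && stmt['Action'] == action
    next false unless resource_match?(stmt['Resource'], arn)
    stmt.fetch('Condition', {}).all? do |op, keys|
      keys.all? { |key, expected| OPERATORS.fetch(op).call(context[key], expected) }
    end
  end
  hits.map { |stmt| stmt['Sid'] }
end

# An explicit Deny always wins, so the write succeeds only if none matches
# (assumes the instance's IAM role already allows s3:PutObject).
def put_denied_by(policy, key, headers = {})
  sse = headers['x-amz-server-side-encryption']
  context = sse ? { 's3:x-amz-server-side-encryption' => sse } : {}
  matching_denies(policy, 's3:PutObject', "arn:aws:s3:::example-utm-bucket/#{key}", context)
end

[{}, { 'x-amz-server-side-encryption' => 'AES256' }].each do |headers|
  denies = put_denied_by(POLICY, 'example-object', headers)
  puts "#{headers.inspect}: #{denies.empty? ? 'allowed' : "AccessDenied (#{denies.join(', ')})"}"
end
```

The request without the header corresponds to the unencrypted write in the trace; the one with `AES256` corresponds to the test script with `server_side_encryption` enabled.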

 


