Why isn't the flow log collector authorized to publish data to the IBM Cloud Object Storage bucket?
A flow log collector requires an IBM Cloud Object Storage bucket to be defined and accessible. If you see the error log with message ID is.flow-log-collector.00002E, the IBM Cloud Object Storage bucket is not accessible. The flow
log collector cannot publish data to the bucket.
To avoid lost data, create an IBM Cloud Object Storage bucket within the next 24 hours to correct this problem.
The flow log collector is not authorized to publish data to the IBM Cloud Object Storage bucket:
is.flow-log-collector.00002E: Unauthorized access to Cloud Object Storage bucket <BucketName>
The IBM Cloud Object Storage bucket does not have the correct access to allow the flow log collector to publish data.
Check for a defined authorization between the flow log collector and the IBM Cloud Object Storage bucket. If not, add one so that the flow log collector can access the bucket.
To define an authorization, follow these steps:
- In the IBM Cloud console, click Manage > Access (IAM).
- Select Authorizations from the navigation pane.
- Click Create.
- For Source service:
- Select VPC Infrastructure Services. Then, select Services based on attributes.
- Select Resource type. Then, select Flow Logs for VPC.
- Select Source resource instance and choose an option.
- For Target service:
- Select Cloud Object Storage. Then, select Services based on attributes.
- Select Service instance and choose an option.
- For Service access, select the Writer role.
- Click Authorize.
For more information, see Creating a flow log collector.