If you are using the Call Log Export feature, please read the full message below, share it within your organization, and implement the required changes by March 2nd, 2021, or you risk losing log delivery through this feature.
As we announced previously (see the notification at https://status.cloud.tibco.com/incidents/9mkfq0rvl9xf), native S3 bucket encryption and assumed-role access to customer buckets for the Call Log Export feature have been released. These upgrades provide improved security for this feature. With this announcement in October 2020, we also announced that Call Log Export profiles using the IAM-based bucket access policy option will be disabled.
Customers who do not upgrade to the new functionality prior to the target date will have call log delivery disrupted until the new functionality is configured.
To make this as straightforward as possible, we have outlined the following process for replacing existing ECLE profiles with those using S3 encryption and assumed-role access:
1 - Create a new S3 bucket using the CloudFormation template. It is available for download here: https://developer.mashery.com/files/ECLE_customer_resources.yaml. Contextual information is available within the application on the Call Log Export create and edit screens.
2 - Log in to your API Control Center, select the Call Log Exports option from the Analyze menu, and then create a new profile. To complete this, you will need values obtained after running the new CloudFormation template.
3 - Once you have completed the new ECLE profile, it will take roughly 3 hours for the new configuration to become active. After this period has passed, check the new S3 bucket for encrypted logs by selecting an object in the bucket, then navigating to the Properties tab and looking for "AWS-KMS" on the Encryption card.
4 - Once you have confirmed that you are receiving logs, start consuming logs from the new encrypted S3 bucket.
5 - Delete the original, unencrypted bucket policy.
6 - As a best practice, please review your configured ECLE profiles. Delete, or adjust the End Dates of, any profiles for which you no longer wish to receive logs.
Note: Only files uploaded after the configuration is live will be encrypted; existing files will remain unencrypted.
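The check in step 3 can be run across a whole bucket instead of one object at a time. The following is an added example, not part of the original notice or TIBCO's tooling: it classifies objects by the ServerSideEncryption value that S3 HeadObject returns, relative to the time the new profile went live. The function names, sample keys and go-live time are assumptions made for illustration.

```python
from datetime import datetime, timezone

def audit_objects(objects, live_at):
    """Sort object keys by encryption status relative to the go-live time.

    objects: dicts with Key, LastModified (timezone-aware datetime) and
    ServerSideEncryption, shaped like S3 HeadObject responses.
    """
    report = {"kms": [], "pre_cutover_not_kms": [], "needs_attention": []}
    for obj in objects:
        if obj.get("ServerSideEncryption") == "aws:kms":
            report["kms"].append(obj["Key"])
        elif obj["LastModified"] < live_at:
            # Expected per the note: older files are not re-encrypted.
            report["pre_cutover_not_kms"].append(obj["Key"])
        else:
            # Written after go-live without SSE-KMS: recheck the profile.
            report["needs_attention"].append(obj["Key"])
    return report

def head_all(bucket):
    """Yield HeadObject metadata for every key (needs boto3 and credentials)."""
    import boto3  # imported here so the classifier runs without boto3
    s3 = boto3.client("s3")
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for item in page.get("Contents", []):
            head = s3.head_object(Bucket=bucket, Key=item["Key"])
            yield {"Key": item["Key"],
                   "LastModified": head["LastModified"],
                   "ServerSideEncryption": head.get("ServerSideEncryption")}

def _utc(hour):
    return datetime(2021, 2, 1, hour, 0, tzinfo=timezone.utc)

# Constructed sample metadata; key names and times are illustrative only.
SAMPLE = [
    {"Key": "logs/hour-10.gz", "LastModified": _utc(10)},
    {"Key": "logs/hour-13.gz", "LastModified": _utc(13),
     "ServerSideEncryption": "aws:kms"},
    {"Key": "logs/hour-14.gz", "LastModified": _utc(14),
     "ServerSideEncryption": "AES256"},
    {"Key": "logs/hour-15.gz", "LastModified": _utc(15)},
]
LIVE_AT = _utc(12)  # assumed time the new profile became active

if __name__ == "__main__":
    for status, keys in audit_objects(SAMPLE, LIVE_AT).items():
        print(status, keys)
```

To audit a real bucket, pass `head_all("<your-bucket-name>")` as the first argument and set the go-live time to when your new profile became active.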
Please contact us via the TIBCO Support Portal (https://support.tibco.com) if you have any questions regarding the configuration and upgrade.