The customer is not willing to open any inbound IPs, as they do not want the MQ server to be publicly exposed to the internet.
Attached is the JSON file that we have used to configure the secure agent on the server (the hostname and port number are the MQ server's).
Also, we would like to know where we need to check the logs. Is it in the MQ error logs, the secure agent logs, or the OS logs?
Original Message:
Sent: Sun April 21, 2024 11:11 AM
From: Martin Ross
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hello Kiran
This relies completely on the target system that you are connecting to... If the queue manager you are connecting to has a publicly addressable endpoint then you would not need to use the secure agent to connect to it, but if it is not exposed to the public internet then you would need to use a technology like the secure agent to be able to access the private network. The secure agent provides a mechanism to reach endpoints on a private network without having to open an inbound port on your firewall. Some users prefer to open a port in their firewall, in which case the source IP addresses for the ACE aaS runtimes allow them to only allow connectivity to that restricted set of IP addresses. Additionally, many publicly accessible applications allow users to configure allow lists on their endpoints, where the ACE SaaS IP addresses again would be required.
------------------------------
Martin Ross
IBM
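Added example (not part of the original thread and not IBM code): a small audit of inbound firewall rules for the MQ listener against the SaaS egress addresses, following the two options in the reply above (secure agent for a private endpoint, or a port opened only to the published source IPs). The egress IPs, the endpoint addresses and port 1414 are constructed placeholders; the real source IPs come from the IBM documentation page linked in this thread.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (documentation address ranges, assumed listener port).
EGRESS = ["203.0.113.10", "203.0.113.11"]
RULES_LOOSE = [("0.0.0.0/0", 1414), ("203.0.113.10/32", 1414)]
RULES_TIGHT = [("203.0.113.10/32", 1414), ("203.0.113.11/32", 1414)]

def audit_inbound(rules, port, egress_ips):
    """Compare inbound allow rules for one port with the SaaS egress IPs.

    rules is an iterable of (cidr, port) allow entries.
    """
    nets = [ipaddress.ip_network(cidr) for cidr, p in rules if p == port]
    egress = [ipaddress.ip_address(ip) for ip in egress_ips]
    world_open = [str(n) for n in nets if n.prefixlen == 0]
    # A rule is "extra" when it admits addresses beyond the egress set.
    extra = [str(n) for n in nets if n.prefixlen != 0
             and n.num_addresses > sum(ip in n for ip in egress)]
    missing = [str(ip) for ip in egress if not any(ip in n for n in nets)]
    return {"world_open": world_open, "extra": extra, "missing": missing}

def connectivity_plan(endpoint_ip, rules, port, egress_ips):
    """Choose between the two options described in the reply."""
    addr = ipaddress.ip_address(endpoint_ip)
    if any(addr in net for net in RFC1918):
        # Private address: not routable from the SaaS runtime at all.
        return "secure-agent"
    report = audit_inbound(rules, port, egress_ips)
    if report["world_open"] or report["extra"] or report["missing"]:
        return "fix-allowlist"
    return "allowlist-ok"

if __name__ == "__main__":
    print(audit_inbound(RULES_LOOSE, 1414, EGRESS))
    print(connectivity_plan("10.1.2.3", RULES_TIGHT, 1414, EGRESS))
    print(connectivity_plan("198.51.100.7", RULES_TIGHT, 1414, EGRESS))
```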
Original Message:
Sent: Fri April 19, 2024 06:39 AM
From: Kiran Kumar M
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Thanks Martin, for your response. We were able to connect to the S3 bucket from the ACE SaaS instance after adding a bucket policy to it.
Regarding the secure agent, we understand that it is required for connecting to a private network. Could you also please confirm if this agent is required for connecting to a queue manager which is hosted on AWS?
Also, the IBM documentation link below says to whitelist the outbound IPs for the ACE SaaS instance connecting to applications that are behind a firewall. Please confirm if this is required.
https://www.ibm.com/docs/en/app-connect/saas?topic=information-ip-addresses
------------------------------
Kiran Kumar M
Original Message:
Sent: Mon April 15, 2024 08:02 AM
From: Martin Ross
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hello
Looking at your more recent activity on the wboicna5qo instance I can see that on 12th April at 0720 UTC you are getting a 403 error response on the connection attempt to S3. I no longer see the 401 error, so it looks like you are providing a correct access key now, but it is not authorised to perform the operations. On the initial connect, if a bucket is provided on the account then we will use the credentials to perform a "headBucket" command, otherwise we will attempt a "listBuckets" command to test connectivity. You need to ensure that the access key is associated with an IAM user with appropriate access to perform these operations.
Could you please check and confirm on the access for the associated IAM user?
------------------------------
Martin Ross
IBM
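Added example (not part of the original thread and not IBM code): an offline check of whether an IAM identity policy permits the connector's initial test call described above. It relies on the AWS mapping of HeadBucket to `s3:ListBucket` and ListBuckets to `s3:ListAllMyBuckets`; the policies and the bucket name `example-bucket` are constructed, and Condition blocks, NotAction and bucket policies are not evaluated.

```python
import fnmatch

# Connector test call -> IAM action that authorizes it (per AWS S3 docs).
REQUIRED = {"headBucket": "s3:ListBucket", "listBuckets": "s3:ListAllMyBuckets"}

# Constructed policies: object access only, then the same plus bucket-level list.
OBJECT_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
FIXED = {"Version": "2012-10-17", "Statement": OBJECT_ONLY["Statement"] + [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, resource):
    """Explicit Deny wins; otherwise at least one matching Allow is needed."""
    decision = False
    for stmt in _as_list(policy["Statement"]):
        # IAM action names are case-insensitive; resource ARNs are not.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision

def connect_test(policy, bucket=None):
    """Return (operation, iam_action, permitted) for the initial connect."""
    if bucket:
        op, resource = "headBucket", f"arn:aws:s3:::{bucket}"
    else:
        # ListAllMyBuckets is account-wide: only "*"-style resources match.
        op, resource = "listBuckets", "arn:aws:s3:::*"
    return op, REQUIRED[op], allowed(policy, REQUIRED[op], resource)

if __name__ == "__main__":
    for name, pol in (("object-only", OBJECT_ONLY), ("fixed", FIXED)):
        print(name, connect_test(pol, "example-bucket"), connect_test(pol))
```

A policy that grants only object actions on `example-bucket/*` fails the `headBucket` test even though the access key itself is valid, which matches the 403 described in the reply.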
Original Message:
Sent: Fri April 12, 2024 03:31 AM
From: Kiran Kumar M
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hi Martin,
For the S3 connector, we've used the Access Key ID and Secret Key of the client's AWS environment, with the region and bucket name as well. However, we are still seeing the same error.
Could you please suggest if there is any other configuration that needs to be done in the client's AWS account?
Could you please suggest.
Thanks,
Kiran Kumar
------------------------------
Kiran Kumar M
Original Message:
Sent: Tue April 09, 2024 01:56 PM
From: Martin Ross
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hello Bhanu,
Looking at the trial instances over the past 7 days I can see the following:
MQ Connector
- On both instances the connection is failing due to timing out receiving MQRC 2009. It appears to be trying to access a 10. address for the queue manager on the wboicna5qo instance, and a 159. address on the eec70yikwd instance. These types of error are typically caused by firewalls or network access controls preventing the connection from being established - could you confirm on the scenario here and whether App Connect would have access to that network endpoint to connect?
S3 Connector
- I only see activity on the wboicna5qo trial instance and I can see connection failing with the error being reported that "The AWS Access Key Id you provided does not exist in our records." Could you confirm on the access key id being used for the connection?
------------------------------
Martin Ross
IBM
Original Message:
Sent: Mon April 08, 2024 06:21 AM
From: Bhanu Prakash Desakuru
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hello Martin,
Thank you. Below are the URLs of our trial instances.
https://wboicna5qo-designer.p-syd-c1.appconnect.automation.ibm.com
https://eec70yikwd-designer.p-syd-c1.appconnect.automation.ibm.com
Thank you
------------------------------
Bhanu Prakash Desakuru
Original Message:
Sent: Mon April 08, 2024 04:44 AM
From: Martin Ross
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hello,
The trial version does support this. There is a known issue the team are working on currently that is resulting in the generic error being presented to the user rather than the specifics of the connection error to allow you to resolve. If you could share the URL for your trial instance I can take a look to see why the connections were failing.
------------------------------
Martin Ross
IBM
Original Message:
Sent: Fri April 05, 2024 01:13 AM
From: Bhanu Prakash Desakuru
Subject: IBM ACE SaaS trial version connectivity with IBM MQ and S3
Hi All,
We have reserved an IBM App Connect SaaS trial version on AWS and are trying to do basic connectivity tests to our MQ (on an IBM Cloud VM and an AWS VM) and also with AWS S3. We filled in all mandatory fields in the respective connectors and clicked Connect, but immediately get the error message "Something went wrong, Please refresh the page or contact ibm support".
Please confirm whether the trial version supports this basic connectivity testing, or whether there is anything else we have to do to establish a successful connection.
------------------------------
Bhanu Prakash Desakuru
------------------------------