GovCloud Admin Console login with ARAM permissions

Update timeline

1. identified Aug 30, 2023, 02:03 PM UTC

   We have identified an issue affecting users on the Admin Console in the GovCloud region who have administrative rights over Advanced Reporting & Alerts module (ARAM).

2. identified Aug 30, 2023, 02:14 PM UTC

   We are continuing to work on a fix for this issue.

3. resolved Aug 30, 2023, 02:50 PM UTC

   The issue has been resolved. Console login to GovCloud for users with ARAM reporting administrative functions has been restored.

4. postmortem Aug 30, 2023, 03:06 PM UTC

   The GovCloud DevOps team uses automated infrastructure deployment systems via Terraform to manage all environments. A change was made to subnet VPC routing which inadvertently caused connectivity issues between certain backend services and a specific Redshift cluster. This issue affected admins on the Keeper Admin Console who have ARAM permissions applied to their role policies. Delegated admins without reporting permissions were not affected. Vault login and other client-side vault applications were not affected. Recent improvements to the Vault and Admin Console backend APIs masked the issue for the automated detection systems which would have immediately flagged the error and alerted the DevOps team. We have resolved the infrastructure route and updated the monitoring systems to take this into account and will continue to monitor for any future issues.