Why can't I access the billing reports objects in my storage bucket?

The IBM Cloudability Enablement deployable architecture was deployed successfully but access is restricted to view the billing report files within the bucket.

When viewing the contents of the billing reports storage bucket within the IBM Cloud console, you see the error notification:

Access denied
BMCOSUI020001: Your attempt to fetch objects failed. Please contact your administrator for access.

The most likely cause is that you are denied because of a context-based restriction (CBR). By default the Cloudability Enablement DA creates a CBR to limit access to only IBM Cloudability, the IBM Cloud billing service, and IBM Cloud Schematics.

To resolve the issue, you can do one of two things:

1. Disable the context-based restriction from within the Project configuration.
2. Add an existing or new CBR zone with the IP addresses of your company to the CBR rule.

Context-based restrictions work with IAM policies to enforce access. Therefore, a user must meet both the requirements of the IAM policies and use an allowed IP address to view the contents of the bucket.

To disable the context-based restrictions on the Object Storage bucket, set the variable cbr_enforcement_mode to either disabled or report. To create a CBR zone with access to the bucket, add the range of IP addresses to the configuration variable additional_allowed_cbr_bucket_ip_addresses. If you want to grant an existing CBR zone to have access to the bucket then add the ID of the zone in the configuration variable existing_allowed_cbr_bucket_zone_id.

For more details on the available CBR configuration variables, see the configuration reference To learn how to configure these variables in the project configuration, see Configuring an architecture by using the console.