VM-series firewall failed to bootstrap in AWS due to internal error


Created On 11/05/20 04:13 AM - Last Modified 04/10/24 20:21 PM


Symptom


A Palo Alto Networks VM-Series firewall deployed in AWS EC2 with bootstrapping enabled fails to retrieve the bootstrap package.
  • The IAM role attached to the instance allows access to the AWS S3 bucket.
  • The bootstrap package contains the required folders: /config, /license, /software, and /content.
  • To isolate the problem, log in to the firewall CLI and check the following:
> debug logview component bts_details display-forward yes
s1mp bts_details 2020-10-12 02:29:00: INFO: Bootstrap log initialized
s1mp bts_details 2020-10-12 02:29:00: INFO: Running command: detect []
s1mp bts_details 2020-10-12 02:29:00: DEBUG: /mnt/install_media: created
s1mp bts_details 2020-10-12 02:30:12: DEBUG: (/bin/mount | /bin/grep /mnt/install_media): Install media detected: (['/dev/sda2 on /mnt/install_media type ext3 (rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=writeback)\n'] [])
s1mp bts_details 2020-10-12 02:30:12: DEBUG: Successfully mounted the VM install media
s1mp bts_details 2020-10-12 02:30:12: DEBUG: Setup media logging
s1mp bts_details 2020-10-12 02:30:12: ERROR: Detect failed with error: btsErrorSoftware: /mnt/install_media: have no mounted storage device.(7)
s1mp bts_details 2020-10-12 02:30:12: DEBUG: Syslogging: /usr/local/bin/pan_elog -u 12 -e 201326627 -s critical -m "Media detect failed due to internal error" -x
s1mp bts_details 2020-10-12 02:30:13: DEBUG: Adding status: Media Detection Failed Media detect failed due to internal error
s1mp bts_details 2020-10-12 02:30:14: ERROR: btsErrorSoftware: /mnt/install_media: have no mounted storage device.(7)
 
> less mp-log pan_vm_plugin.log
2020-10-12 02:29:00.494 -0700 vm_install_media INFO: : vm_mode: 4
2020-10-12 02:29:00.567 -0700 vm_install_media INFO: : Platform Identified as AWS
2020-10-12 02:29:00.619 -0700 vm_install_media INFO: : AWS cloud_setting called
2020-10-12 02:29:01.738 -0700 vm_install_media INFO: : AWS bootstrap_attach called
2020-10-12 02:29:01.738 -0700 vm_install_media INFO: : VM bootstrap: AWS
2020-10-12 02:29:01.739 -0700 vm_install_media INFO: : AWS get_meta_data called http://169.254.169.254/latest/ user-data
2020-10-12 02:29:01.740 -0700 vm_install_media INFO: : AWS get_meta_data succeedeed
2020-10-12 02:29:01.740 -0700 vm_install_media INFO: : AWS get_meta_data called http://169.254.169.254/latest/ meta-data/iam/security-credentials
2020-10-12 02:29:01.741 -0700 vm_install_media INFO: : AWS get_meta_data succeedeed
2020-10-12 02:29:03.994 -0700 vm_install_media INFO: : AWS: downloading file config/init-cfg.txt
2020-10-12 02:29:04.058 -0700 vm_install_media INFO: : AWS: downloading file ilb.zip
2020-10-12 02:29:04.090 -0700 vm_install_media INFO: : AWS: downloading file license/authcodes
2020-10-12 02:29:04.205 -0700 vm_install_media INFO: : AWS: downloading file pafw-aws-mod.zip
2020-10-12 02:29:04.269 -0700 vm_install_media INFO: : AWS: downloading file pafw-startlog2020-10-06-08-17-03-0779A1E23B20A73A
2020-10-12 02:29:04.333 -0700 vm_install_media INFO: : AWS: downloading file pafw-startlog2020-10-06-08-17-53-2A03F9CD5B3A0D5C
  • The ERROR lines in the bts_details output above (btsErrorSoftware: /mnt/install_media: have no mounted storage device) show that the firewall failed to detect the install media due to an internal error.
  • The pan_vm_plugin.log output shows that the firewall could reach AWS S3 and download the objects under the specified bucket.


Environment


  • Palo Alto VM Firewalls
  • AWS (Amazon Web Service) deployment


Cause


  • S3 server access logging is enabled on the bucket, and the log files are written to the root directory of the same bucket.
  • Because the firewall downloads every object in the bucket, it also downloads these extra log files, as shown in the pan_vm_plugin.log output above:
pafw-startlog2020-10-06-08-17-03-0779A1E23B20A73A
pafw-startlog2020-10-06-08-17-53-2A03F9CD5B3A0D5C

 


Resolution


  1. Disable S3 logging for the bucket. Refer to the link in the Additional Information section and contact Amazon TAC for assistance.
  2. Delete all the log files seen in the bootstrap logs from the bucket.
  3. Re-launch the instance; the bootstrap should now complete successfully.
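An added Python check, not from the article, that applies the cause and resolution above to a bucket listing: it flags objects outside the four bootstrap folders and detects access logging that writes back into the bootstrap bucket. The bucket name and object listing are constructed, and the logging dict is assumed to follow the shape of boto3's get_bucket_logging() response so a live result can be passed in directly.

```python
from typing import Dict, Iterable, List

# Folders the VM-Series bootstrap package expects at the bucket root.
REQUIRED_FOLDERS = ("config", "license", "software", "content")

# Constructed listing modelled on the article: a valid package plus two
# S3 server-access-log objects written to the bucket root.
SAMPLE_KEYS = [
    "config/init-cfg.txt",
    "config/bootstrap.xml",
    "license/authcodes",
    "software/",
    "content/",
    "pafw-startlog2020-10-06-08-17-03-0779A1E23B20A73A",
    "pafw-startlog2020-10-06-08-17-53-2A03F9CD5B3A0D5C",
]


def missing_folders(keys: Iterable[str]) -> List[str]:
    """Required folders with no object (or folder marker) under them."""
    keys = list(keys)
    return [f for f in REQUIRED_FOLDERS if not any(k.startswith(f + "/") for k in keys)]


def unexpected_objects(keys: Iterable[str]) -> List[str]:
    """Objects outside the four bootstrap folders. Conservative on purpose:
    the firewall downloads every object in the bucket, so any root-level file
    (such as the access-log objects in the article) is flagged."""
    return [k for k in keys if "/" not in k or k.split("/", 1)[0] not in REQUIRED_FOLDERS]


def logs_written_to_self(bucket: str, logging_cfg: Dict) -> bool:
    """True when server access logging targets the bootstrap bucket itself.
    logging_cfg is {} (or lacks "LoggingEnabled") when logging is disabled,
    else {"LoggingEnabled": {"TargetBucket": ..., "TargetPrefix": ...}}."""
    enabled = logging_cfg.get("LoggingEnabled") or {}
    return enabled.get("TargetBucket") == bucket


def audit(bucket: str, keys: Iterable[str], logging_cfg: Dict) -> Dict[str, object]:
    """Run all three checks; empty lists and False mean the bucket is bootstrap-clean."""
    keys = list(keys)
    return {
        "missing_folders": missing_folders(keys),
        "unexpected_objects": unexpected_objects(keys),
        "self_logging": logs_written_to_self(bucket, logging_cfg),
    }


if __name__ == "__main__":
    # Assumed bucket name with access logging pointed back at the same bucket.
    cfg = {"LoggingEnabled": {"TargetBucket": "example-bootstrap-bucket", "TargetPrefix": ""}}
    print(audit("example-bootstrap-bucket", SAMPLE_KEYS, cfg))
```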


Additional Information


Bootstrap Package
Bootstrap the VM-Series Firewall on AWS

Related articles:
PA-VM deployed in AWS does not get any settings specified in “init-cfg.txt”
Bootstrapping is failing for PA-VM deployed in AWS
Disable Amazon S3 Bucket Logging

