Tech Tip - CA Privileged Access Manager: S3 bucket for session recording or DB backup does not mount after upgrade to PAM 3.X

By Ralf Prigl posted Apr 27, 2018 04:53 PM

  

Issue

We used an S3 bucket named x.y for session recording with PAM 2.8. After the upgrade to PAM 3.X, the bucket is not mounted successfully.

 

Resolution

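PAM uses s3fs to mount an S3 bucket. PAM 3.x includes a newer version with tighter certificate checking. With virtual hosted-style access the bucket name becomes part of the host name, so a bucket named x.y adds two DNS labels in front of the S3 endpoint, while a wildcard certificate covers only one label, and the certificate check fails. Per the information at https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html, avoid bucket names with dots when creating buckets for PAM session recordings or database backups: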

"When you use virtual hosted–style buckets with Secure Sockets Layer (SSL), the SSL wildcard certificate only matches buckets that don't contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (".") in bucket names when using virtual hosted–style buckets."
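To check bucket names before an upgrade, the following added example (not part of the original tip or of PAM) applies the single-label wildcard rule to the virtual hosted-style host name of each bucket. The wildcard name `*.s3.amazonaws.com`, the endpoint `s3.amazonaws.com` and all bucket names other than x.y are assumptions made for illustration.

```python
# Added example: why a dotted bucket name fails TLS host name verification.
# Assumption: the endpoint certificate carries the wildcard name below.
WILDCARD_SAN = "*.s3.amazonaws.com"


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a host name.

    Only a full leftmost-label wildcard ("*.example.com") is handled;
    the "*" stands for exactly one non-empty DNS label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def virtual_hosted_name(bucket: str, endpoint: str = "s3.amazonaws.com") -> str:
    """Host name used for virtual hosted-style access to a bucket."""
    return f"{bucket}.{endpoint}"


def audit_buckets(buckets, san: str = WILDCARD_SAN) -> dict:
    """Map each bucket name to True when the certificate name can match."""
    return {b: wildcard_matches(san, virtual_hosted_name(b)) for b in buckets}


if __name__ == "__main__":
    # Constructed sample names; "x.y" is the bucket name from the tip above.
    sample = ["x.y", "pam-recordings", "pam.db.backup"]
    for bucket, ok in audit_buckets(sample).items():
        status = "certificate matches" if ok else "MISMATCH: rename bucket"
        print(f"{virtual_hosted_name(bucket):40} {status}")
```

Any bucket reported as a mismatch should be replaced by one without dots in its name before the PAM 3.X upgrade.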
