:_mod-docs-content-type: ASSEMBLY
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-cloud-expert-prereq-checklist
[id="rosa-cloud-expert-prereq-checklist"]
= Prerequisites checklist for deploying {product-title}
toc::[]
//Mobb content metadata
//Brought into ROSA product docs 2023-09-15; does not follow typical OpenShift documentation formatting
//---
//date: '2023-07-27'
//title: Prerequisites Checklist to Deploy ROSA Cluster with STS
//tags: ["ROSA", "STS"]
//authors:
// - Byron Miller
// - Connor Wooley
// - Diana Sari
//---
[role="_abstract"]
ifdef::openshift-rosa[]
This is a high-level checklist of prerequisites needed to create a {product-title} cluster with link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html[STS].
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
This is a high-level checklist of prerequisites needed to create a {product-title} cluster.
endif::openshift-rosa-hcp[]
//TODO OSDOCS-11789: Consider adding the following to a subsection about the initiating/control machine, along with CLI sections?
The machine that you run the installation process from must have access to the following:
* Amazon Web Services API and authentication service endpoints
* Red{nbsp}Hat OpenShift API and authentication service endpoints (`api.openshift.com` and `sso.redhat.com`)
* Internet connectivity to obtain installation artifacts during deployment
//TODO OSDOCS-13133 update when zero egress is GA: "either during deployment or prior to deploying a cluster with egress zero enabled"
//TODO OSDOCS-11789: This needs to be accessible from parts of the cluster, but not the deploying machine - omit entirely, or leave in place for Classic?
ifdef::openshift-rosa[]
[IMPORTANT]
====
Starting with version 1.2.7 of the {rosa-cli-first}, all OIDC provider endpoint URLs on new clusters use Amazon CloudFront and the link:http://oidc.op1.openshiftapps.com/[oidc.op1.openshiftapps.com] domain. This change improves access speed, reduces latency, and improves resiliency for new clusters created with the {rosa-cli} 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations.
====
endif::openshift-rosa[]
include::modules/mos-checklist-accounts.adoc[leveloffset=+1]
include::modules/mos-checklist-aws-account.adoc[leveloffset=+2]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-aws-account"]
.Additional resources
* xref:../cli_reference/rosa_cli/rosa-cli-permission-examples.adoc#rosa-cli-permission-examples[Least privilege permissions for common {rosa-cli} commands]
include::modules/mos-checklist-rh-account.adoc[leveloffset=+2]
include::modules/mos-checklist-cli-requirements.adoc[leveloffset=+1]
include::modules/mos-checklist-aws-cli.adoc[leveloffset=+2]
include::modules/mos-checklist-rosa-cli.adoc[leveloffset=+2]
ifdef::openshift-rosa[]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-rosa-cli"]
.Additional resources
* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc#rosa-installing-cli[Installing the {rosa-cli}]
endif::openshift-rosa[]
include::modules/mos-checklist-oc-cli.adoc[leveloffset=+2]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-oc-cli"]
.Additional resources
* xref:../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[Getting started with the OpenShift CLI]
include::modules/mos-checklist-aws-infra-prereqs.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-aws-infra-prereqs"]
.Additional resources
ifdef::openshift-rosa[]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-aws-policy-provisioned_rosa-sts-aws-prereqs[Provisioned AWS Infrastructure]
* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas]
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-aws-policy-provisioned_rosa-hcp-prereqs[Provisioned AWS Infrastructure]
* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas]
endif::openshift-rosa-hcp[]
include::modules/mos-checklist-scp-prereqs.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-scp-prereqs"]
.Additional resources
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-minimum-scp_rosa-sts-about-iam-resources[Minimum set of effective permissions for SCPs]
[id="mos-checklist-networking-prereqs"]
== Networking prerequisites
// include::modules/mos-checklist-networking-prereqs.adoc[leveloffset=+1]
include::modules/mos-checklist-firewall.adoc[leveloffset=+2]
//Moving up prereqs that are actually required for deployment
ifdef::openshift-rosa[]
include::modules/mos-checklist-vpc-privatelink.adoc[leveloffset=+2]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-vpc-privatelink"]
.Additional resources
* xref:../networking/ovn_kubernetes_network_provider/configuring-cluster-wide-proxy.adoc#configuring-cluster-wide-proxy[Configuring a cluster-wide proxy]
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
include::modules/mos-checklist-vpc-post-install.adoc[leveloffset=+2]
endif::openshift-rosa-hcp[]
include::modules/mos-checklist-add-custom-sgs.adoc[leveloffset=+2]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-add-custom-sgs"]
.Additional resources
ifdef::openshift-rosa[]
* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups]
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-security-groups_rosa-hcp-prereqs[Security groups]
endif::openshift-rosa-hcp[]
include::modules/mos-checklist-custom-dns-domains.adoc[leveloffset=+2]
[role="_additional-resources"]
[id="additional-resources_mos-checklist-custom-dns-domains"]
.Additional resources
* xref:../cloud_experts_tutorials/cloud-experts-custom-dns-resolver.adoc#cloud-experts-custom-dns-resolver[Deploying {product-title} with a custom DNS resolver]