diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 3d58f7cd48..9eaf93b337 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -133,6 +133,8 @@ Topics: File: installing-aws-private - Name: Installing a cluster on AWS into a government region File: installing-aws-government-region + - Name: Installing a cluster on AWS into a Top Secret Region + File: installing-aws-secret-region - Name: Installing a cluster on AWS into a China region File: installing-aws-china - Name: Installing a cluster on AWS using CloudFormation templates diff --git a/installing/installing_aws/installing-aws-government-region.adoc b/installing/installing_aws/installing-aws-government-region.adoc index 26e9689f07..d25ddefc6d 100644 --- a/installing/installing_aws/installing-aws-government-region.adoc +++ b/installing/installing_aws/installing-aws-government-region.adoc @@ -25,6 +25,7 @@ If you have an AWS profile stored on your computer, it must not use a temporary * If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials]. include::modules/installation-aws-about-government-region.adoc[leveloffset=+1] + include::modules/installation-prereq-aws-private-cluster.adoc[leveloffset=+1] include::modules/private-clusters-default.adoc[leveloffset=+1] diff --git a/installing/installing_aws/installing-aws-secret-region.adoc b/installing/installing_aws/installing-aws-secret-region.adoc new file mode 100644 index 0000000000..ff24c932db --- /dev/null +++ b/installing/installing_aws/installing-aws-secret-region.adoc @@ -0,0 +1,76 @@ +:_content-type: ASSEMBLY +[id="installing-aws-secret-region"] += Installing a cluster on AWS into a Top Secret Region +include::modules/common-attributes.adoc[] +:context: installing-aws-secret-region + +toc::[] + +In {product-title} version {product-version}, you can install a cluster on Amazon Web Services (AWS) into a Commercial Cloud Services (C2S) Top Secret Region. To configure the region, modify parameters in the `install config.yaml` file before you install the cluster. + +[id="prerequisites_installing-aws-secret-region"] +== Prerequisites + +* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. +* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users]. +* You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster. ++ +[IMPORTANT] +==== +If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multifactor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program. +==== +* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to. +* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials]. + +include::modules/installation-aws-about-government-region.adoc[leveloffset=+1] + +include::modules/installation-aws-regions-with-no-ami.adoc[leveloffset=+1] + +include::modules/private-clusters-default.adoc[leveloffset=+1] +include::modules/private-clusters-about-aws.adoc[leveloffset=+2] + +include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1] + +include::modules/cluster-entitlements.adoc[leveloffset=+1] + +include::modules/installation-aws-upload-custom-rhcos-ami.adoc[leveloffset=+1] + +include::modules/ssh-agent-using.adoc[leveloffset=+1] + +include::modules/installation-obtaining-installer.adoc[leveloffset=+1] + +include::modules/installation-initializing-manual.adoc[leveloffset=+1] +include::modules/installation-configuration-parameters.adoc[leveloffset=+2] +include::modules/installation-supported-aws-machine-types.adoc[leveloffset=+2] +include::modules/installation-aws-config-yaml.adoc[leveloffset=+2] +include::modules/installation-configure-proxy.adoc[leveloffset=+2] + +include::modules/installation-launching-installer.adoc[leveloffset=+1] + +include::modules/cli-installing-cli.adoc[leveloffset=+1] + +include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] + +include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_installing-aws-secret-region_console"] +.Additional resources + +* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console. + +include::modules/cluster-telemetry.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_installing-aws-secret-region_telemetry"] +.Additional resources + +* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service. + +[id="next-steps_installing-aws-secret-region"] +== Next steps + +* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. +* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials]. diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc index c302f04323..d522a91c4d 100644 --- a/modules/cli-installing-cli.adoc +++ b/modules/cli-installing-cli.adoc @@ -6,6 +6,7 @@ // * installing/installing_aws/installing-aws-default.adoc // * installing/installing_aws/installing-aws-china.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc diff --git a/modules/cli-logging-in-kubeadmin.adoc b/modules/cli-logging-in-kubeadmin.adoc index 4543888b6e..7ae9dbdf6c 100644 --- a/modules/cli-logging-in-kubeadmin.adoc +++ b/modules/cli-logging-in-kubeadmin.adoc @@ -5,6 +5,7 @@ // * installing/installing_aws/installing-aws-default.adoc // * installing/installing_aws/installing-aws-china.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc diff --git a/modules/cluster-entitlements.adoc b/modules/cluster-entitlements.adoc index 660f524705..7b4ac0334d 100644 --- a/modules/cluster-entitlements.adoc +++ b/modules/cluster-entitlements.adoc @@ -36,6 +36,7 @@ // * installing/installing_aws/installing-aws-default.adoc // * installing/installing_aws/installing-aws-vpc.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-china-region.adoc // * installing/installing_openstack/installing-openstack-installer-kuryr.adoc // * installing/installing_openstack/installing-openstack-installer-restricted.adoc diff --git a/modules/installation-aws-about-government-region.adoc b/modules/installation-aws-about-government-region.adoc index 0e1a8f66e5..929c148ed3 100644 --- a/modules/installation-aws-about-government-region.adoc +++ b/modules/installation-aws-about-government-region.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc ifeval::["{context}" == "installing-aws-government-region"] :aws-gov: @@ -14,7 +15,7 @@ ifdef::aws-gov[] = AWS government regions endif::aws-gov[] ifdef::aws-secret[] -= AWS secret region += AWS Top Secret Region endif::aws-secret[] ifdef::aws-gov[] @@ -22,11 +23,11 @@ ifdef::aws-gov[] endif::aws-gov[] ifdef::aws-secret[] -{product-title} supports deploying a cluster to an link:https://aws.amazon.com/federal/us-intelligence-community/[AWS Commercial Cloud Services (C2S) Secret Region]. +{product-title} supports deploying a cluster to an link:https://aws.amazon.com/federal/us-intelligence-community/[AWS Commercial Cloud Services (C2S) Top Secret Region]. endif::aws-secret[] ifdef::aws-secret[] -The C2S Secret Region does not have a published {op-system-first} Amazon Machine Images (AMI) to select, so you +The C2S Top Secret Region does not have a published {op-system-first} Amazon Machine Images (AMI) to select, so you must upload a custom AMI that belongs to that region. endif::aws-secret[] @@ -38,7 +39,7 @@ The following AWS GovCloud partitions are supported: endif::aws-gov[] ifdef::aws-secret[] -The following AWS Secret Region partition is supported: +The following AWS Top Secret Region partition is supported: * `us-iso-east-1` endif::aws-secret[] diff --git a/modules/installation-aws-config-yaml.adoc b/modules/installation-aws-config-yaml.adoc index f19d64633c..522df6ecd9 100644 --- a/modules/installation-aws-config-yaml.adoc +++ b/modules/installation-aws-config-yaml.adoc @@ -2,6 +2,7 @@ // // * installing/installing_aws/installing-aws-customizations.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc @@ -113,6 +114,7 @@ ifdef::gov[] endif::gov[] ifdef::secret[] - us-iso-east-1a + - us-iso-east-1b endif::secret[] ifndef::gov,china,secret[] - us-west-2c @@ -360,10 +362,10 @@ endif::openshift-origin[] endif::private[] ifdef::secret[] ifndef::openshift-origin[] -<14> The custom CA certificate. This is required when deploying to the AWS C2S Secret Region because the AWS API requires a custom CA trust bundle. +<14> The custom CA certificate. This is required when deploying to the AWS C2S Top Secret Region because the AWS API requires a custom CA trust bundle. endif::openshift-origin[] ifdef::openshift-origin[] -<13> The custom CA certificate. This is required when deploying to the AWS C2S Secret Region because the AWS API requires a custom CA trust bundle. +<13> The custom CA certificate. This is required when deploying to the AWS C2S Top Secret Region because the AWS API requires a custom CA trust bundle. endif::openshift-origin[] endif::secret[] ifdef::restricted[] diff --git a/modules/installation-aws-regions-with-no-ami.adoc b/modules/installation-aws-regions-with-no-ami.adoc index 8c1d97674d..1047f4ffc5 100644 --- a/modules/installation-aws-regions-with-no-ami.adoc +++ b/modules/installation-aws-regions-with-no-ami.adoc @@ -2,7 +2,7 @@ // // * installing/installing_aws/installing-aws-china.adoc // * installing/installing_aws/installing-aws-user-infra.adoc -// * installing/installing_aws/installing-aws-secret.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc ifeval::["{context}" == "installing-aws-china-region"] :aws-china: @@ -10,9 +10,6 @@ endif::[] ifeval::["{context}" == "installing-aws-secret-region"] :aws-secret: endif::[] -// ifeval::["{context}" == "installing-aws-government-region"] -// :aws-gov: -// endif::[] [id="installation-aws-regions-with-no-ami_{context}"] ifndef::aws-china,aws-secret[] @@ -46,7 +43,7 @@ endif::aws-china,aws-secret[] ifdef::aws-china,aws-secret[] ifdef::aws-china[Red Hat does not publish a {op-system-first} Amazon Machine Image (AMI) for the AWS China regions.] -ifdef::aws-secret[Red Hat does not publish a {op-system-first} Amzaon Machine Image for the AWS secret region.] +ifdef::aws-secret[Red Hat does not publish a {op-system-first} Amzaon Machine Image for the AWS Top Secret Region.] Before you can install the cluster, you must: @@ -59,7 +56,7 @@ You cannot use the {product-title} installation program to create the installati ifdef::aws-secret[] [IMPORTANT] ==== -If you are deploying to the C2S Secret Region, you must also define a custom CA certificate in the `additionalTrustBundle` field of the `install-config.yaml` file because the AWS API requires a custom CA trust bundle. To allow the installation program to access the AWS API, the CA certificates must also be defined on the machine that runs the installation program. You must add the CA bundle to the trust store on the machine, use the `AWS_CA_BUNDLE` environment variable, or define the CA bundle in the link:https://docs.aws.amazon.com/credref/latest/refdocs/setting-global-ca_bundle.html[`ca_bundle`] field of the AWS config file. +You must also define a custom CA certificate in the `additionalTrustBundle` field of the `install-config.yaml` file because the AWS API requires a custom CA trust bundle. To allow the installation program to access the AWS API, the CA certificates must also be defined on the machine that runs the installation program. You must add the CA bundle to the trust store on the machine, use the `AWS_CA_BUNDLE` environment variable, or define the CA bundle in the link:https://docs.aws.amazon.com/credref/latest/refdocs/setting-global-ca_bundle.html[`ca_bundle`] field of the AWS config file. ==== endif::aws-secret[] @@ -71,6 +68,3 @@ endif::[] ifeval::["{context}" == "installing-aws-secret-region"] :!aws-secret: endif::[] -// ifeval::["{context}" == "installing-aws-government-region"] -// :!aws-gov: -// endif::[] diff --git a/modules/installation-aws-upload-custom-rhcos-ami.adoc b/modules/installation-aws-upload-custom-rhcos-ami.adoc index 00aeb67f8e..532d9daa70 100644 --- a/modules/installation-aws-upload-custom-rhcos-ami.adoc +++ b/modules/installation-aws-upload-custom-rhcos-ami.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // -// * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc +// * installing/installing_aws/installing-aws-china.adoc ifeval::["{context}" == "installing-aws-china-region"] :aws-china: diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc index b739859508..027cce1af9 100644 --- a/modules/installation-configuration-parameters.adoc +++ b/modules/installation-configuration-parameters.adoc @@ -5,6 +5,7 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-vpc.adoc // * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc diff --git a/modules/installation-configure-proxy.adoc b/modules/installation-configure-proxy.adoc index 40256d4e4c..0ad471dcf9 100644 --- a/modules/installation-configure-proxy.adoc +++ b/modules/installation-configure-proxy.adoc @@ -1,10 +1,11 @@ // Module included in the following assemblies: // -// * installing/installing_aws/installing-aws-customizations.adoc -// * installing/installing_aws/installing-aws-network-customizations.adoc -// * installing/installing_aws/installing-aws-private.adoc -// * installing/installing_aws/installing-aws-vpc.adoc -// * installing/installing_aws/installing-aws-china.adoc +// * installing/installing_aws/installing_aws-customizations.adoc +// * installing/installing_aws/installing_aws-network-customizations.adoc +// * installing/installing_aws/installing_aws-private.adoc +// * installing/installing_aws/installing_aws-vpc.adoc +// * installing/installing_aws/installing_aws-china.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-user-infra.adoc // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc diff --git a/modules/installation-custom-aws-vpc.adoc b/modules/installation-custom-aws-vpc.adoc index b6b82d31f3..e660123b87 100644 --- a/modules/installation-custom-aws-vpc.adoc +++ b/modules/installation-custom-aws-vpc.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc @@ -10,6 +11,9 @@ endif::[] ifeval::["{context}" == "installing-aws-vpc"] :public: endif::[] +ifeval::["{context}" == "installing-aws-secret-region"] +:aws-secret: +endif::[] :_content-type: CONCEPT [id="installation-custom-aws-vpc_{context}"] @@ -61,13 +65,13 @@ The installation program modifies your subnets to add the `kubernetes.io/cluster + If you prefer to use your own Route 53 hosted private zone, you must associate the existing hosted zone with your VPC prior to installing a cluster. You can define your hosted zone using the `platform.aws.hostedZone` field in the `install-config.yaml` file. -ifndef::aws-china[] +ifndef::aws-china,aws-secret[] If you are working in a disconnected environment, you are unable to reach the public IP addresses for EC2 and ELB endpoints. To resolve this, you must create a VPC endpoint and attach it to the subnet that the clusters are using. The endpoints should be named as follows: * `ec2..amazonaws.com` * `elasticloadbalancing..amazonaws.com` * `s3..amazonaws.com` -endif::aws-china[] +endif::aws-china,aws-secret[] ifdef::aws-china[] If you are working in a disconnected environment, you are unable to reach the public IP addresses for EC2 and ELB endpoints. To resolve this, you must create a VPC endpoint and attach it to the subnet that the clusters are using. The endpoints should be named as follows: @@ -77,6 +81,13 @@ If you are working in a disconnected environment, you are unable to reach the pu * `s3..amazonaws.com` endif::aws-china[] +ifdef::aws-secret[] +* A cluster in a Top Secret Region is unable to reach the public IP addresses for the EC2 and ELB endpoints. You must create a VPC endpoint and attach it to the subnet that the clusters are using. Name the endpoints as follows: +** `elasticloadbalancing..c2s.ic.gov` +** `ec2..c2s.ic.gov` +** `s3..c2s.ic.gov` +endif::aws-secret[] + .Required VPC components You must provide a suitable VPC and subnets that allow communication to your @@ -178,6 +189,7 @@ If you deploy {product-title} to an existing network, the isolation of cluster s //You can restrict ingress to the control plane and compute security groups by either adding the security groups to an SSH bastion instance or altering rules to allow the bastion. * Control plane TCP 6443 ingress (Kubernetes API) is allowed to the entire network. * Control plane TCP 22623 ingress (MCS) is allowed to the entire network. +//This should be restricted to the control plane and compute security groups, instead of the current by-VPC-CIDR logic to avoid leaking sensitive Ignition configs to non-cluster entities sharing the VPC. ifeval::["{context}" == "installing-aws-china-region"] :!aws-china: @@ -185,4 +197,6 @@ endif::[] ifeval::["{context}" == "installing-aws-vpc"] :!public: endif::[] -//This should be restricted to the control plane and compute security groups, instead of the current by-VPC-CIDR logic to avoid leaking sensitive Ignition configs to non-cluster entities sharing the VPC. +ifeval::["{context}" == "installing-aws-secret-region"] +:!aws-secret: +endif::[] diff --git a/modules/installation-initializing-manual.adoc b/modules/installation-initializing-manual.adoc index 5209e2cb89..34c3b2b533 100644 --- a/modules/installation-initializing-manual.adoc +++ b/modules/installation-initializing-manual.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_azure/installing-azure-government-region.adoc // * installing/installing_azure/installing-azure-private.adoc diff --git a/modules/installation-launching-installer.adoc b/modules/installation-launching-installer.adoc index 0f552148b3..cb6c8b39ab 100644 --- a/modules/installation-launching-installer.adoc +++ b/modules/installation-launching-installer.adoc @@ -5,6 +5,7 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-vpc.adoc // * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc diff --git a/modules/installation-obtaining-installer.adoc b/modules/installation-obtaining-installer.adoc index 3a2cc22648..679eb27baa 100644 --- a/modules/installation-obtaining-installer.adoc +++ b/modules/installation-obtaining-installer.adoc @@ -4,6 +4,7 @@ // * installing/installing_aws/installing-aws-customizations.adoc // * installing/installing_aws/installing-aws-default.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc diff --git a/modules/installation-supported-aws-machine-types.adoc b/modules/installation-supported-aws-machine-types.adoc index 08a753d62b..f581f6cbf6 100644 --- a/modules/installation-supported-aws-machine-types.adoc +++ b/modules/installation-supported-aws-machine-types.adoc @@ -4,6 +4,7 @@ // * installing/installing_aws/installing-restricted-networks-aws.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-customizations.adoc // * installing/installing_aws/installing-aws-vpc.adoc // * installing/installing_aws/installing-aws-private.adoc diff --git a/modules/logging-in-by-using-the-web-console.adoc b/modules/logging-in-by-using-the-web-console.adoc index 818aca9f35..d34e7a7268 100644 --- a/modules/logging-in-by-using-the-web-console.adoc +++ b/modules/logging-in-by-using-the-web-console.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // *installing/installing_aws/installing-aws-china.adoc. +// * installing/installing_aws/installing-aws-secret-region.adoc // *installing/validating-an-installation.adoc // *installing/installing_aws/installing-aws-user-infra.adoc // *installing/installing_aws/installing-restricted-networks-aws.adoc diff --git a/modules/private-clusters-about-aws.adoc b/modules/private-clusters-about-aws.adoc index 874816e5da..319c44004a 100644 --- a/modules/private-clusters-about-aws.adoc +++ b/modules/private-clusters-about-aws.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-private.adoc // * post_installation_configuration/node-tasks.adoc diff --git a/modules/private-clusters-default.adoc b/modules/private-clusters-default.adoc index 1e36668f85..e84f6b630b 100644 --- a/modules/private-clusters-default.adoc +++ b/modules/private-clusters-default.adoc @@ -3,6 +3,7 @@ // * installing/installing_aws/installing-aws-china.adoc // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-private.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_gcp/installing-gcp-private.adoc // * installing/installing_azure/installing-azure-government-region.adoc // * installing/installing_azure/installing-azure-private.adoc @@ -35,8 +36,8 @@ endif::aws-gov[] ifdef::aws-secret[] [NOTE] ==== -Public zones are not supported in Route 53 in an AWS Secret Region. Therefore, clusters -must be private if they are deployed to an AWS Secret Region. +Public zones are not supported in Route 53 in an AWS Top Secret Region. Therefore, clusters +must be private if they are deployed to an AWS Top Secret Region. ==== endif::aws-secret[] diff --git a/modules/ssh-agent-using.adoc b/modules/ssh-agent-using.adoc index 6b0c0ff00d..b2fce20de4 100644 --- a/modules/ssh-agent-using.adoc +++ b/modules/ssh-agent-using.adoc @@ -5,6 +5,7 @@ // * installing/installing_aws/installing-aws-customizations.adoc // * installing/installing_aws/installing-aws-default.adoc // * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc