openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

ROSA Docs: Fixed broken links; restructured topic

Browse Source
This commit is contained in:
Eric Ponvelle
2022-03-22 15:32:44 -04:00
committed by openshift-cherrypick-robot
parent 37a10cd64c
commit 6e38f4c129
2 changed files with 9 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/rosa-sts-about-iam-resources.adoc
View File

@@ -1,15 +0,0 @@
// Module included in the following assemblies:
//
// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-about-iam-resources.adoc
:_content-type: CONCEPT
[id="rosa-sts-about-iam-resources_{context}"]
= About IAM resources for clusters that use STS
To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must create the following AWS Identity Access Management (IAM) resources:
* Specific account-wide IAM roles and policies that provide the STS permissions required for ROSA support, installation, control plane and compute functionality. This includes account-wide Operator policies.
* Cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality.
* An OpenID Connect (OIDC) provider that the cluster Operators use to authenticate.
This document provides reference information about the IAM resources that you must deploy when you create a ROSA cluster that uses STS. It also includes the `aws` CLI commands that are generated when you use `manual` mode with the `rosa create` command.

12
rosa_getting_started/rosa-sts-about-iam-resources.adoc
View File

@@ -6,13 +6,19 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
include::modules/rosa-sts-about-iam-resources.adoc[leveloffset=+1]
To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must create the following AWS Identity Access Management (IAM) resources:
* Specific account-wide IAM roles and policies that provide the STS permissions required for ROSA support, installation, control plane, and compute functionality. This includes account-wide Operator policies.
* Cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality.
* An OpenID Connect (OIDC) provider that the cluster Operators use to authenticate.
This document provides reference information about the IAM resources that you must deploy when you create a ROSA cluster that uses STS. It also includes the `aws` CLI commands that are generated when you use `manual` mode with the `rosa create` command.
[role="_additional-resources"]
.Additional resources
* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly].
* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations].
* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly].
* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations].
include::modules/rosa-sts-account-wide-roles-and-policies.adoc[leveloffset=+1]