diff --git a/modules/rosa-sts-about-iam-resources.adoc b/modules/rosa-sts-about-iam-resources.adoc deleted file mode 100644 index eedfa55e0e..0000000000 --- a/modules/rosa-sts-about-iam-resources.adoc +++ /dev/null @@ -1,15 +0,0 @@ -// Module included in the following assemblies: -// -// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-about-iam-resources.adoc - -:_content-type: CONCEPT -[id="rosa-sts-about-iam-resources_{context}"] -= About IAM resources for clusters that use STS - -To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must create the following AWS Identity Access Management (IAM) resources: - -* Specific account-wide IAM roles and policies that provide the STS permissions required for ROSA support, installation, control plane and compute functionality. This includes account-wide Operator policies. -* Cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality. -* An OpenID Connect (OIDC) provider that the cluster Operators use to authenticate. - -This document provides reference information about the IAM resources that you must deploy when you create a ROSA cluster that uses STS. It also includes the `aws` CLI commands that are generated when you use `manual` mode with the `rosa create` command. diff --git a/rosa_getting_started/rosa-sts-about-iam-resources.adoc b/rosa_getting_started/rosa-sts-about-iam-resources.adoc index 404040a9a0..4f0afa442e 100644 --- a/rosa_getting_started/rosa-sts-about-iam-resources.adoc +++ b/rosa_getting_started/rosa-sts-about-iam-resources.adoc 
@@ -6,13 +6,19 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -include::modules/rosa-sts-about-iam-resources.adoc[leveloffset=+1] +To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must create the following AWS Identity Access Management (IAM) resources: + +* Specific account-wide IAM roles and policies that provide the STS permissions required for ROSA support, installation, control plane, and compute functionality. This includes account-wide Operator policies. +* Cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality. +* An OpenID Connect (OIDC) provider that the cluster Operators use to authenticate. + +This document provides reference information about the IAM resources that you must deploy when you create a ROSA cluster that uses STS. It also includes the `aws` CLI commands that are generated when you use `manual` mode with the `rosa create` command. [role="_additional-resources"] .Additional resources -* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. -* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. +* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. 
+* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. include::modules/rosa-sts-account-wide-roles-and-policies.adoc[leveloffset=+1]
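Review bot: The header comment of the deleted modules/rosa-sts-about-iam-resources.adoc names its including assembly as rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-about-iam-resources.adoc, but the only include this patch removes is in rosa_getting_started/rosa-sts-about-iam-resources.adoc. Before merging, search the repository for any remaining `include::modules/rosa-sts-about-iam-resources.adoc[...]` line and for xrefs to the `rosa-sts-about-iam-resources_{context}` ID. Both disappear with this file, and a leftover reference would break the build or leave a dangling link.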
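Review bot: In the `@@ -6,13 +6,19 @@` hunk of rosa_getting_started/rosa-sts-about-iam-resources.adoc, the inlined introduction carries over "AWS Identity Access Management (IAM)" from the deleted module. The service name is "AWS Identity and Access Management", so correct it while this text is being touched. Also, the new xref targets start with `../rosa_getting_started/`, which goes up one level and back into the directory this assembly already lives in. Please confirm that is the intended xref convention and that both target files exist at that path.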