From 6e38f4c1292ac5f9cfbdfac9f5af7ff3dded87c8 Mon Sep 17 00:00:00 2001 From: Eric Ponvelle Date: Tue, 22 Mar 2022 15:32:44 -0400 Subject: [PATCH] ROSA Docs: Fixed broken links; restructured topic --- modules/rosa-sts-about-iam-resources.adoc | 15 --------------- .../rosa-sts-about-iam-resources.adoc | 12 +++++++++--- 2 files changed, 9 insertions(+), 18 deletions(-) delete mode 100644 modules/rosa-sts-about-iam-resources.adoc diff --git a/modules/rosa-sts-about-iam-resources.adoc b/modules/rosa-sts-about-iam-resources.adoc deleted file mode 100644 index eedfa55e0e..0000000000 --- a/modules/rosa-sts-about-iam-resources.adoc +++ /dev/null @@ -1,15 +0,0 @@ -// Module included in the following assemblies: -// -// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-about-iam-resources.adoc - -:_content-type: CONCEPT -[id="rosa-sts-about-iam-resources_{context}"] -= About IAM resources for clusters that use STS - -To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must create the following AWS Identity Access Management (IAM) resources: - -* Specific account-wide IAM roles and policies that provide the STS permissions required for ROSA support, installation, control plane and compute functionality. This includes account-wide Operator policies. -* Cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality. -* An OpenID Connect (OIDC) provider that the cluster Operators use to authenticate. - -This document provides reference information about the IAM resources that you must deploy when you create a ROSA cluster that uses STS. It also includes the `aws` CLI commands that are generated when you use `manual` mode with the `rosa create` command. diff --git a/rosa_getting_started/rosa-sts-about-iam-resources.adoc b/rosa_getting_started/rosa-sts-about-iam-resources.adoc index 404040a9a0..4f0afa442e 100644 --- a/rosa_getting_started/rosa-sts-about-iam-resources.adoc +++ b/rosa_getting_started/rosa-sts-about-iam-resources.adoc @@ -6,13 +6,19 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -include::modules/rosa-sts-about-iam-resources.adoc[leveloffset=+1] +To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must create the following AWS Identity Access Management (IAM) resources: + +* Specific account-wide IAM roles and policies that provide the STS permissions required for ROSA support, installation, control plane, and compute functionality. This includes account-wide Operator policies. +* Cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality. +* An OpenID Connect (OIDC) provider that the cluster Operators use to authenticate. + +This document provides reference information about the IAM resources that you must deploy when you create a ROSA cluster that uses STS. It also includes the `aws` CLI commands that are generated when you use `manual` mode with the `rosa create` command. [role="_additional-resources"] .Additional resources -* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. -* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. +* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. +* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. include::modules/rosa-sts-account-wide-roles-and-policies.adoc[leveloffset=+1]