From 7c31c49af5ef3dadc432cb8e1f6e73ee12ce936a Mon Sep 17 00:00:00 2001 From: Lisa Pettyjohn Date: Mon, 7 Aug 2023 12:00:20 -0400 Subject: [PATCH] OSDOCS#7073:Support standard STS config --- modules/persistent-storage-csi-efs-sts.adoc | 62 ++++++++++--------- ...tent-storage-csi-olm-operator-install.adoc | 5 ++ ...storage-efs-csi-driver-operator-setup.adoc | 6 ++ .../persistent-storage-csi-aws-efs.adoc | 12 ++-- 4 files changed, 53 insertions(+), 32 deletions(-) diff --git a/modules/persistent-storage-csi-efs-sts.adoc b/modules/persistent-storage-csi-efs-sts.adoc index 6d34dd58a3..ce1bd51ac7 100644 --- a/modules/persistent-storage-csi-efs-sts.adoc +++ b/modules/persistent-storage-csi-efs-sts.adoc 
@@ -4,28 +4,27 @@ :_content-type: PROCEDURE [id="efs-sts_{context}"] -= Configuring AWS EFS CSI Driver Operator with Security Token Service += Obtaining a role Amazon Resource Name for Security Token Service -This procedure explains how to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS). - -Perform this procedure before you have installed the AWS EFS CSI Operator, but not yet installed the AWS EFS CSI driver as part of the _Installing the AWS EFS CSI Driver Operator_ procedure. +This procedure explains how to obtain a role Amazon Resource Name (ARN) to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS). [IMPORTANT] ==== -If you perform this procedure after installing the driver and creating volumes, your volumes will fail to mount into pods. +Perform this procedure before you install the AWS EFS CSI Driver Operator (see _Installing the AWS EFS CSI Driver Operator_ procedure). ==== .Prerequisites -* You have access to the cluster as a user with the cluster-admin role. +* Access to the cluster as a user with the cluster-admin role. * AWS account credentials -* You have installed the AWS EFS CSI Operator. .Procedure -To configure the AWS EFS CSI Driver Operator with STS: +You can obtain the ARN role in multiple ways. The following procedure shows one method that uses the same concept and CCO utility (`ccoctl`) binary tool as cluster installation. -. Extract the CCO utility (`ccoctl`) binary from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility". +To obtain a role ARN for configuring AWS EFS CSI Driver Operator using STS: + +. Extract the `ccoctl` from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility". . 
Create and save an EFS `CredentialsRequest` YAML file, such as shown in the following example, and then place it in the `credrequests` directory: + @@ -85,23 +84,30 @@ $ ccoctl aws create-iam-roles --name my-aws-efs --credentials-requests-dir credr 2022/03/21 06:24:45 Updated Role policy for Role my-aws-efs-openshift-cluster-csi-drivers-aws-efs-cloud- ---- -. Create the AWS EFS cloud credentials and secret: +. Copy the role ARN from the first line of the _Example output_ in the preceding step. The role ARN is between "Role" and "created". In this example, the role ARN is "arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud". + -[source,terminal] ----- -$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml ----- -+ -.Example -+ -[source,terminal] ----- -$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml ----- -+ -.Example output -+ -[source,terminal] ----- -secret/aws-efs-cloud-credentials created ----- +You will need the role ARN when you install the AWS EFS CSI Driver Operator. + +.Next steps + +//??the below step not needed for 4.14? ??? +//. Create the AWS EFS cloud credentials and secret: +//+ +//[source, terminal] +//---- +//$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml +//---- +//+ +//.Example +//+ +//[source, terminal] +//---- +//$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml +//---- +//+ +//.Example output +//+ +//[source, terminal] +//---- +//secret/aws-efs-cloud-credentials created +//---- \ No newline at end of file diff --git a/modules/persistent-storage-csi-olm-operator-install.adoc b/modules/persistent-storage-csi-olm-operator-install.adoc index 0bbf794f1f..0978f8aa19 100644 --- a/modules/persistent-storage-csi-olm-operator-install.adoc +++ b/modules/persistent-storage-csi-olm-operator-install.adoc 
@@ -34,9 +34,14 @@ Be sure to select the *{FeatureName} CSI Driver Operator* and not the *{FeatureN .. On the *Install Operator* page, ensure that: + +ifdef::openshift-rosa,openshift-enterprise[] +* If you are using {FeatureName} with AWS Secure Token Service (STS), in the *role ARN* field, enter the ARN role copied from the last step of the _Obtaining a role Amazon Resource Name for Security Token Service_ procedure. +endif::[] * *All namespaces on the cluster (default)* is selected. * *Installed Namespace* is set to *openshift-cluster-csi-drivers*. .. Click *Install*. + After the installation finishes, the {FeatureName} CSI Operator is listed in the *Installed Operators* section of the web console. + +.Next steps diff --git a/modules/persistent-storage-efs-csi-driver-operator-setup.adoc b/modules/persistent-storage-efs-csi-driver-operator-setup.adoc index ccfc4dc8e5..797047ed95 100644 --- a/modules/persistent-storage-efs-csi-driver-operator-setup.adoc +++ b/modules/persistent-storage-efs-csi-driver-operator-setup.adoc @@ -13,4 +13,10 @@ ifdef::openshift-rosa[] . If you are using Amazon Elastic File Storage (Amazon EFS) with AWS Secure Token Service (STS), configure the https://github.com/openshift/aws-efs-csi-driver[{FeatureName} CSI driver] with STS. endif::openshift-rosa[] +ifdef::openshift-rosa,openshift-enterprise[] +. If you are using {FeatureName} with AWS Secure Token Service (STS), obtain a role Amazon Resource Name (ARN) for STS. This is required for installing the {FeatureName} CSI Driver Operator. +endif::[] + +. Install the {FeatureName} CSI Driver Operator. + . Install the {FeatureName} CSI Driver. diff --git a/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc b/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc index 0c276cf51c..05bf82242b 100644 --- a/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc +++ b/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc 
@@ -32,16 +32,20 @@ include::modules/persistent-storage-csi-about.adoc[leveloffset=+1] :FeatureName: AWS EFS include::modules/persistent-storage-efs-csi-driver-operator-setup.adoc[leveloffset=+1] -include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2] -.Next steps -* If you are using {FeatureName} with AWS Secure Token Service (STS), you must configure the {FeatureName} CSI Driver with STS. For more information, see xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#efs-sts_persistent-storage-csi-aws-efs[Configuring AWS EFS CSI Driver with STS]. - +ifdef::openshift-rosa,openshift-enterprise[] include::modules/persistent-storage-csi-efs-sts.adoc[leveloffset=+2] + +xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver Operator]. [role="_additional-resources"] .Additional resources * xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Installing the AWS EFS CSI Driver Operator] * xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility] * xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Installing the {FeatureName} CSI Driver] +endif::[] + +include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2] + +xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver]. include::modules/persistent-storage-csi-efs-driver-install.adoc[leveloffset=+2]
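Review bot: In modules/persistent-storage-csi-efs-sts.adoc (hunk `@@ -4,28 +4,27 @@`), the rewritten IMPORTANT block only gives the ordering ("Perform this procedure before you install the AWS EFS CSI Driver Operator") and drops any statement of what happens when the order is not followed; the removed text at least said that volumes fail to mount into pods. Please state the consequence of installing the Operator without the role ARN, or downgrade the admonition to a NOTE. In the same hunk, "Extract the `ccoctl` from the {product-title} release image" has lost its noun ("binary"), and "You can obtain the ARN role in multiple ways" should read "role ARN" to match the title and the rest of the procedure.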
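Review bot: In modules/persistent-storage-csi-efs-sts.adoc (hunk `@@ -85,23 +84,30 @@`), the block that begins `//??the below step not needed for 4.14? ???` leaves an open question in the source and keeps the old `oc create -f ...credentials.yaml` secret step as commented-out text under a `.Next steps` title that then has no content in this module. Please settle whether creating the cloud-credentials secret is still required for the STS flow and either restore the step or delete it outright. The example value "arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud" also contains a space after "my-aws-efs", and the role name in the context line above ends in "cloud-", so the ARN should be copied verbatim from the example output. The file also now ends without a trailing newline.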
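Review bot: In modules/persistent-storage-csi-olm-operator-install.adoc (hunk `@@ -34,9 +34,14 @@`), the new bullet names the service "AWS Secure Token Service (STS)" and tells the reader to enter "the ARN role", while the procedure it points to is titled "Obtaining a role Amazon Resource Name for Security Token Service" and uses "role ARN" throughout. Please use "Security Token Service" and "role ARN" here so that the field name, the bullet and the referenced procedure all match. The `.Next steps` title added at the end of this hunk has no body inside the module; since the module is parameterised with {FeatureName}, check that every assembly that includes it supplies the content the title expects.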
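Review bot: In modules/persistent-storage-efs-csi-driver-operator-setup.adoc (hunk `@@ -13,4 +13,10 @@`), the existing `ifdef::openshift-rosa[]` step ("configure the ... CSI driver with STS") is left in place above the new `ifdef::openshift-rosa,openshift-enterprise[]` step, so a ROSA build renders two STS steps, and the older one describes the flow this patch replaces. Please remove or reword the ROSA-only step so the overview reads: obtain the role ARN, install the Operator, install the driver. The new step also says "Secure Token Service"; the STS module title uses "Security Token Service".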
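Review bot: In storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc (hunk `@@ -32,16 +32,20 @@`), the two bare xref paragraphs added after the `include::` lines carry no title of their own and only read as next steps because each included module now ends with a `.Next steps` block title. That couples the assembly to the last line of each module; keeping `.Next steps` in the assembly directly above each xref, as the removed lines did, would be more robust. The second xref, "Install the AWS EFS CSI Driver", is followed immediately by the include of that same module, so it links to the section directly beneath it and can probably be dropped. The new link text hardcodes "AWS EFS" while `:FeatureName: AWS EFS` is set at the top of the hunk and the existing "Installing the {FeatureName} CSI Driver" link uses the attribute.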