bug 1724684 clarifying AWS key/token type

2026-02-05 21:46:22 +01:00 · 2019-07-31 16:37:37 -04:00
parent b3e35cfea4
commit a7a5bbef92
9 changed files with 62 additions and 7 deletions
--- a/installing/installing_aws/installing-aws-customizations.adoc
+++ b/installing/installing_aws/installing-aws-customizations.adoc
@@ -17,6 +17,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation
 processes.
 * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account]
 to host the cluster.
+
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to create
+AWS resources for the entire life of the cluster, so you must use long-lived
+credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * If you use a firewall, you must
 xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].

--- a/installing/installing_aws/installing-aws-default.adoc
+++ b/installing/installing_aws/installing-aws-default.adoc
@@ -15,6 +15,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation
 processes.
 * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account]
 to host the cluster.
+
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * If you use a firewall, you must
 xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].

--- a/installing/installing_aws/installing-aws-network-customizations.adoc
+++ b/installing/installing_aws/installing-aws-network-customizations.adoc
@@ -22,6 +22,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation
 processes.
 * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account]
 to host the cluster.
+
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * If you use a firewall, you must
 xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].

--- a/installing/installing_aws_user_infra/installing-aws-user-infra.adoc
+++ b/installing/installing_aws_user_infra/installing-aws-user-infra.adoc
@@ -20,6 +20,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation
 processes.
 * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account]
 to host the cluster.
+
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * Download the AWS CLI and install it on your computer. See
 link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)]
 in the AWS documentation.
--- a/modules/installation-aws-iam-user.adoc
+++ b/modules/installation-aws-iam-user.adoc
@@ -39,5 +39,13 @@ individual components, so the same credentials are used by all components.
 `AdministratorAccess` policy.

 . Record the access key ID and secret access key values. You must use these
-values when you configure your local machine to run the installation program, and this is
-the only time that you can obtain them.
+values when you configure your local machine to run the installation program.
+
+[IMPORTANT]
+====
+You cannot use a temporary session token that you generated while using a
+multi-factor authentication device to authenticate to AWS when you deploy a
+cluster. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials.
+====
--- a/modules/installation-extracting-infraid.adoc
+++ b/modules/installation-extracting-infraid.adoc
@@ -12,7 +12,7 @@ it.

 .Prerequisites

-* Obtain the {product-title} installation program and the access token for your cluster.
+* Obtain the {product-title} installation program and the pull secret for your cluster.
 * Generate the Ignition config files for your cluster.
 * Install the `jq` package.

--- a/modules/installation-generate-aws-user-infra.adoc
+++ b/modules/installation-generate-aws-user-infra.adoc
@@ -21,7 +21,7 @@ to ensure that the first certificate rotation has finished.

 .Prerequisites

-* Obtain the {product-title} installation program and the access token for your cluster.
+* Obtain the {product-title} installation program and the pull secret for your cluster.

 .Procedure

--- a/modules/installation-generate-ignition-configs.adoc
+++ b/modules/installation-generate-ignition-configs.adoc
@@ -19,7 +19,7 @@ to ensure that the first certificate rotation has finished.

 .Prerequisites

-* Obtain the {product-title} installation program and the access token for your cluster.
+* Obtain the {product-title} installation program and the pull secret for your cluster.

 .Procedure

--- a/modules/installation-initializing.adoc
+++ b/modules/installation-initializing.adoc
@@ -11,8 +11,7 @@ You can customize your installation of {product-title} on a compatible cloud.

 .Prerequisites

-* Obtain the {product-title} installation program and the access token for your cluster.
-* Obtain configuration details for your cloud.
+* Obtain the {product-title} installation program and the pull secret for your cluster.

 .Procedure