From a7a5bbef92ca40fbc8a309d9ca7a1e02ad067482 Mon Sep 17 00:00:00 2001
From: Kathryn Alexander
Date: Wed, 31 Jul 2019 16:37:37 -0400
Subject: [PATCH] bug 1724684 clarifying AWS key/token type
---
 .../installing-aws-customizations.adoc | 12 ++++++++++++
 .../installing_aws/installing-aws-default.adoc | 12 ++++++++++++
 .../installing-aws-network-customizations.adoc | 12 ++++++++++++
 .../installing-aws-user-infra.adoc | 12 ++++++++++++
 modules/installation-aws-iam-user.adoc | 12 ++++++++++--
 modules/installation-extracting-infraid.adoc | 2 +-
 modules/installation-generate-aws-user-infra.adoc | 2 +-
 modules/installation-generate-ignition-configs.adoc | 2 +-
 modules/installation-initializing.adoc | 3 +--
 9 files changed, 62 insertions(+), 7 deletions(-)
diff --git a/installing/installing_aws/installing-aws-customizations.adoc b/installing/installing_aws/installing-aws-customizations.adoc
index 0a7ee009b6..48a64bb0a6 100644
--- a/installing/installing_aws/installing-aws-customizations.adoc
+++ b/installing/installing_aws/installing-aws-customizations.adoc
@@ -17,6 +17,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation processes. * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account] to host the cluster.
++
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to create
+AWS resources for the entire life of the cluster, so you must use long-lived
+credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * If you use a firewall, you must xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].
diff --git a/installing/installing_aws/installing-aws-default.adoc b/installing/installing_aws/installing-aws-default.adoc
index 3f143b8edd..d6e1cbd1a9 100644
--- a/installing/installing_aws/installing-aws-default.adoc
+++ b/installing/installing_aws/installing-aws-default.adoc
@@ -15,6 +15,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation processes. * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account] to host the cluster.
++
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * If you use a firewall, you must xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].
diff --git a/installing/installing_aws/installing-aws-network-customizations.adoc b/installing/installing_aws/installing-aws-network-customizations.adoc
index c8e18b3e3b..35dd1156ed 100644
--- a/installing/installing_aws/installing-aws-network-customizations.adoc
+++ b/installing/installing_aws/installing-aws-network-customizations.adoc
@@ -22,6 +22,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation processes. * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account] to host the cluster.
++
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * If you use a firewall, you must xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].
diff --git a/installing/installing_aws_user_infra/installing-aws-user-infra.adoc b/installing/installing_aws_user_infra/installing-aws-user-infra.adoc
index fe42e6d729..c650cc18b9 100644
--- a/installing/installing_aws_user_infra/installing-aws-user-infra.adoc
+++ b/installing/installing_aws_user_infra/installing-aws-user-infra.adoc
@@ -20,6 +20,18 @@ xref:../../architecture/architecture-installation.adoc#architecture-installation processes. * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account] to host the cluster.
++
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
 * Download the AWS CLI and install it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)] in the AWS documentation.
diff --git a/modules/installation-aws-iam-user.adoc b/modules/installation-aws-iam-user.adoc
index 81f068dbab..4b076b558a 100644
--- a/modules/installation-aws-iam-user.adoc
+++ b/modules/installation-aws-iam-user.adoc
@@ -39,5 +39,13 @@ individual components, so the same credentials are used by all components. `AdministratorAccess` policy. . Record the access key ID and secret access key values. You must use these
-values when you configure your local machine to run the installation program, and this is
-the only time that you can obtain them.
+values when you configure your local machine to run the installation program.
++
+[IMPORTANT]
+====
+You cannot use a temporary session token that you generated while using a
+multi-factor authentication device to authenticate to AWS when you deploy a
+cluster. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials.
+====
diff --git a/modules/installation-extracting-infraid.adoc b/modules/installation-extracting-infraid.adoc
index c2ce1df955..d06a844d73 100644
--- a/modules/installation-extracting-infraid.adoc
+++ b/modules/installation-extracting-infraid.adoc
@@ -12,7 +12,7 @@ it. .Prerequisites
-* Obtain the {product-title} installation program and the access token for your cluster.
+* Obtain the {product-title} installation program and the pull secret for your cluster.
 * Generate the Ignition config files for your cluster. * Install the `jq` package.
diff --git a/modules/installation-generate-aws-user-infra.adoc b/modules/installation-generate-aws-user-infra.adoc
index a37062c5b0..e5f861c5fa 100644
--- a/modules/installation-generate-aws-user-infra.adoc
+++ b/modules/installation-generate-aws-user-infra.adoc
@@ -21,7 +21,7 @@ to ensure that the first certificate rotation has finished. .Prerequisites
-* Obtain the {product-title} installation program and the access token for your cluster.
+* Obtain the {product-title} installation program and the pull secret for your cluster.
 .Procedure
diff --git a/modules/installation-generate-ignition-configs.adoc b/modules/installation-generate-ignition-configs.adoc
index bdf40e3591..1a3bf0fec6 100644
--- a/modules/installation-generate-ignition-configs.adoc
+++ b/modules/installation-generate-ignition-configs.adoc
@@ -19,7 +19,7 @@ to ensure that the first certificate rotation has finished. .Prerequisites
-* Obtain the {product-title} installation program and the access token for your cluster.
+* Obtain the {product-title} installation program and the pull secret for your cluster.
 .Procedure
diff --git a/modules/installation-initializing.adoc b/modules/installation-initializing.adoc
index a69da74a26..132d7cd586 100644
--- a/modules/installation-initializing.adoc
+++ b/modules/installation-initializing.adoc
@@ -11,8 +11,7 @@ You can customize your installation of {product-title} on a compatible cloud. .Prerequisites
-* Obtain the {product-title} installation program and the access token for your cluster.
-* Obtain configuration details for your cloud.
+* Obtain the {product-title} installation program and the pull secret for your cluster.
 .Procedure