From f18bce77455202368ca5eea747fba13bff377755 Mon Sep 17 00:00:00 2001 From: Kathryn Alexander Date: Fri, 8 Mar 2019 14:46:39 -0500 Subject: [PATCH] OSDOCS-282 context for cluster credentials --- modules/installation-aws-iam-user.adoc | 12 +++++++++++- modules/installation-aws-permissions.adoc | 2 +- modules/installation-launching-installer.adoc | 7 +++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/modules/installation-aws-iam-user.adoc b/modules/installation-aws-iam-user.adoc index cd8e43e281..42153e9dc2 100644 --- a/modules/installation-aws-iam-user.adoc +++ b/modules/installation-aws-iam-user.adoc @@ -21,7 +21,17 @@ procedure in the AWS documentation, set the following options: . Specify the IAM user name and select `Programmatic access`. . Attach the `AdministratorAccess` policy to ensure that the account has -sufficient permission to create the cluster. +sufficient permission to create the cluster. This policy provides the cluster +with the ability to grant credentials to each {product-title} component. The +cluster grants the components only the credentials that they require. ++ +[NOTE] +==== +While it is possible to create a policy that grants the all of the required +AWS permissions and attach it to the user, this is not the preferred option. +The cluster will not have the ability to grant additional credentials to +individual components, so the same credentials are used by all components. +==== . Optionally, add metadata to the user by attaching tags. diff --git a/modules/installation-aws-permissions.adoc b/modules/installation-aws-permissions.adoc index e4bbfb91e2..f0f8ac67fb 100644 --- a/modules/installation-aws-permissions.adoc +++ b/modules/installation-aws-permissions.adoc 
@@ -7,7 +7,7 @@ When you attach the `AdministratorAccess` policy to the IAM user that you create, you grant that user all of the required permissions. To deploy a {project-title} -cluster, the IAM user: +cluster, the IAM user requires the following permissions: .EC2 roles required to launch nodes [cols="2a,2a,2a,5a",options="header"] diff --git a/modules/installation-launching-installer.adoc b/modules/installation-launching-installer.adoc index 22051c93d4..d7ba3d0ec3 100644 --- a/modules/installation-launching-installer.adoc +++ b/modules/installation-launching-installer.adoc @@ -46,6 +46,13 @@ Provide values at the prompts: -- endif::[] + +[NOTE] +==== +If the AWS account that you configured on your host does not have sufficient +permissions to deploy the cluster, the installation process stops, and the +missing permissions are displayed. +==== ++ When the cluster deployment completes, directions for accessing your cluster, including a link to its web console and credentials for the `kubeadmin` user, display in your terminal.
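Review bot: In the NOTE added to modules/installation-aws-iam-user.adoc, "grants the all of the required AWS permissions" has a stray "the"; it should read "grants all of the required AWS permissions". The same NOTE says the cluster cannot grant "additional credentials", while the sentence added just above it says components receive "only the credentials that they require". Consider wording the NOTE in the same terms (for example, that the cluster cannot grant separate credentials to each component) so the least-privilege trade-off against `AdministratorAccess` reads unambiguously.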
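Review bot: In the modules/installation-aws-permissions.adoc hunk, the context line directly above the changed line uses `{project-title}`, while the text added in modules/installation-aws-iam-user.adoc uses `{product-title}`. If `{project-title}` is not a defined attribute, it will render literally in the output. Since this sentence is already being edited, suggest changing it to `{product-title}` in the same change.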
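Review bot: The NOTE added to modules/installation-launching-installer.adoc refers to "the AWS account that you configured on your host", but the other two files in this patch attach permissions to the IAM user. Suggest "the IAM user" or similar so that readers check the right principal. The NOTE also ends at "the missing permissions are displayed" without saying what to do next; a closing sentence telling the reader to add those permissions to the IAM user and run the installer again would help, if that is the supported recovery path.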