openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/installation-aws-iam-user.adoc
Brendan Daly 7709fa2278 OSDOCS-16989_2:updating CQAs
2025-12-16 16:59:59 +00:00

44 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * installing/installing_aws/installing-aws-account.adoc
:_mod-docs-content-type: PROCEDURE
[id="installation-aws-iam-user_{context}"]
= Creating an IAM user
[role="_abstract"]
Before you install {product-title}, you must create a secondary IAM administrative user and assign permissions to create the cluster.
Each {aws-first} account contains a root user account that is based on the email address you used to create the account.
[IMPORTANT]
====
This is a highly-privileged account, and it is recommended to use it for only initial account and billing configuration, creating an initial set of users, and securing the account.
====
As you complete the
link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html[Creating an IAM User in Your AWS Account]
procedure in the {aws-first} documentation, set the following options:
.Procedure
. Specify the IAM user name and select `Programmatic access`.
. Attach the `AdministratorAccess` policy to ensure that the account has sufficient permission to create the cluster. This policy provides the cluster with the ability to grant credentials to each {product-title} component. The cluster grants the components only the credentials that they require.
+
[NOTE]
====
While it is possible to create a policy that grants the all of the required AWS permissions and attach it to the user, this is not the preferred option. The cluster will not have the ability to grant additional credentials to individual components, so the same credentials are used by all components.
====
. Optional: Add metadata to the user by attaching tags.
. Confirm that the user name that you specified is granted the
`AdministratorAccess` policy.
. Record the access key ID and secret access key values. You must use these values when you configure your local machine to run the installation program.
+
[IMPORTANT]
You cannot use a temporary session token that you generated while using a multi-factor authentication device to authenticate to {aws-short} when you deploy a cluster. The cluster continues to use your current {aws-short} credentials to create {aws-short} resources for the entire life of the cluster, so you must
use key-based, long-term credentials.
View Git Blame Copy Permalink