mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
23 lines
1.4 KiB
Plaintext
23 lines
1.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * rosa_planning/rosa-sts-ocm-role.adoc
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="rosa-sts-about-user-role_{context}"]
|
|
= About the user-role IAM role
|
|
|
|
[role="_abstract"]
|
|
You need to create a `user-role` IAM role per web UI user to enable those users to create {product-title} clusters.
|
|
|
|
Some considerations for your `user-role` IAM role are:
|
|
|
|
* You only need one `user-role` IAM role per Red{nbsp}Hat user account, but your Red{nbsp}Hat organization can have many of these IAM resources.
|
|
* Any user in a Red{nbsp}Hat organization may create and link an `user-role` IAM role.
|
|
* There can be numerous `user-role` IAM roles per AWS account per Red{nbsp}Hat organization.
|
|
* Red{nbsp}Hat uses the `user-role` IAM role to identify the user. This IAM resource has no AWS account permissions.
|
|
* Your AWS account can have multiple `user-role` IAM roles, but you must link each IAM role to each user in your Red{nbsp}Hat organization. No user can have more than one linked `user-role` IAM role.
|
|
|
|
[NOTE]
|
|
====
|
|
"Linking" or "associating" your IAM resources with your AWS account means creating a trust-policy with your `user-role` IAM role and the Red{nbsp}Hat {cluster-manager} AWS role. After creating and linking this IAM resource, you see a trust relationship from your `user-role` IAM role in AWS with the `arn:aws:iam::710019948333:role/RH-Managed-OpenShift-Installer` resource.
|
|
====
|