openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/rosa-sts-operator-role-commands.adoc
Olga Tikhomirova 028f09ddf9 OSDOCS-16122 - Adding missing content types to ROSA
2025-11-05 19:06:33 +00:00

74 lines
4.4 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * rosa_architecture/rosa-sts-about-iam-resources.adoc
:_mod-docs-content-type: REFERENCE
[id="rosa-sts-operator-role-aws-cli_{context}"]
= Operator IAM role AWS CLI reference
This section lists the `aws` CLI commands that are shown in the terminal when you run the following `rosa` command using `manual` mode:
[source,terminal]
----
$ rosa create operator-roles --mode manual --cluster <cluster_name>
----
[NOTE]
====
When using `manual` mode, the `aws` commands are printed to the terminal for your review. After reviewing the `aws` commands, you must run them manually. Alternatively, you can specify `--mode auto` with the `rosa create` command to run the `aws` commands immediately.
====
.Command output
[source,terminal]
----
aws iam create-role \
--role-name <cluster_name>-<hash>-openshift-cluster-csi-drivers-ebs-cloud-credent \
--assume-role-policy-document file://operator_cluster_csi_drivers_ebs_cloud_credentials_policy.json \
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
aws iam attach-role-policy \
--role-name <cluster_name>-<hash>-openshift-cluster-csi-drivers-ebs-cloud-credent \
--policy-arn arn:aws:iam::<aws_account_id>:policy/ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credent
aws iam create-role \
--role-name <cluster_name>-<hash>-openshift-machine-api-aws-cloud-credentials \
--assume-role-policy-document file://operator_machine_api_aws_cloud_credentials_policy.json \
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
aws iam attach-role-policy \
--role-name <cluster_name>-<hash>-openshift-machine-api-aws-cloud-credentials \
--policy-arn arn:aws:iam::<aws_account_id>:policy/ManagedOpenShift-openshift-machine-api-aws-cloud-credentials
aws iam create-role \
--role-name <cluster_name>-<hash>-openshift-cloud-credential-operator-cloud-crede \
--assume-role-policy-document file://operator_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json \
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
aws iam attach-role-policy \
--role-name <cluster_name>-<hash>-openshift-cloud-credential-operator-cloud-crede \
--policy-arn arn:aws:iam::<aws_account_id>:policy/ManagedOpenShift-openshift-cloud-credential-operator-cloud-crede
aws iam create-role \
--role-name <cluster_name>-<hash>-openshift-image-registry-installer-cloud-creden \
--assume-role-policy-document file://operator_image_registry_installer_cloud_credentials_policy.json \
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
aws iam attach-role-policy \
--role-name <cluster_name>-<hash>-openshift-image-registry-installer-cloud-creden \
--policy-arn arn:aws:iam::<aws_account_id>:policy/ManagedOpenShift-openshift-image-registry-installer-cloud-creden
aws iam create-role \
--role-name <cluster_name>-<hash>-openshift-ingress-operator-cloud-credentials \
--assume-role-policy-document file://operator_ingress_operator_cloud_credentials_policy.json \
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
aws iam attach-role-policy \
--role-name <cluster_name>-<hash>-openshift-ingress-operator-cloud-credentials \
--policy-arn arn:aws:iam::<aws_account_id>:policy/ManagedOpenShift-openshift-ingress-operator-cloud-credentials
----
[NOTE]
====
The command examples provided in the table include Operator roles that use the `ManagedOpenShift` prefix. If you defined a custom prefix when you created the account-wide roles and policies, including the Operator policies, you must reference it by using the `--prefix <prefix_name>` option when you create the Operator roles.
====
View Git Blame Copy Permalink