mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
59 lines
2.8 KiB
Plaintext
// Module included in the following assemblies:
//
// * support/troubleshooting/rosa-troubleshooting-iam-resources.adoc
// * rosa_planning/rosa-sts-ocm-role.adoc
// * rosa_planning/rosa-hcp-prepare-iam-resources.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-sts-user-role-iam-basic-role_{context}"]
= Creating a user-role IAM role

[role="_abstract"]
You can create your `user-role` IAM roles by using the {rosa-cli-first}.

.Prerequisites

* You have an AWS account.
* You have installed and configured the latest {rosa-cli}, `rosa`, on your installation host.

.Procedure
* To create a `user-role` IAM role with basic privileges, run the following command:
+
[source,terminal]
----
$ rosa create user-role
----
+
The command prompts you for the attributes of the role. The following example output shows what your creation flow might look like with "auto mode" selected, which lets the {rosa-cli} (`rosa`) create your Operator roles and policies. See "Understanding the auto and manual deployment modes" for more information.
+
[source,terminal]
----
I: Creating User role
? Role prefix: ManagedOpenShift
? Permissions boundary ARN (optional):
? Role Path (optional):
? Role creation mode: auto
I: Creating ocm user role using 'arn:aws:iam::2066:user'
? Create the 'ManagedOpenShift-User.osdocs-Role' role? Yes
I: Created role 'ManagedOpenShift-User.osdocs-Role' with ARN 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role'
I: Linking User role
? User Role ARN: arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role
? Link the 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role' role with account '1AGE'? Yes
I: Successfully linked role ARN 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role' with account '1AGE'
----
+
where:
+
--
`Role prefix`:: A prefix value for all of the created AWS resources. In this example, `ManagedOpenShift` is prepended to all of the AWS resources.
`Permissions boundary ARN (optional)`:: The Amazon Resource Name (ARN) of the policy to set permission boundaries.
`Role Path (optional)`:: Specify an IAM path for the user name.
`Role creation mode`:: Choose the method to create your AWS roles. Using `auto`, the {rosa-cli} generates and links the roles and policies. In the `auto` mode, you receive some different prompts to create the AWS roles.
`Create the 'ManagedOpenShift-User.osdocs-Role' role?`:: The `auto` method asks if you want to create a specific `user-role` using your prefix.
`Link the 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role' role with account '1AGE'?`:: Links the created role with your AWS organization.
--
+
[IMPORTANT]
====
If you unlink or delete your `user-role` IAM role before deleting your cluster, an error prevents you from deleting your cluster. You must create or relink this role to proceed with the deletion process.
====
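
The prompt values described above can also be passed to `rosa create user-role` as the `--prefix`, `--permissions-boundary`, `--path`, and `--mode` flags. The following script is an added example, not part of the original module: it validates each value against IAM naming rules before assembling the command line. The `<prefix>-User.<user>-Role` name shape is inferred from the sample output, the allowlist is deliberately stricter than IAM itself, and the account ID, policy name, and path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the ROSA documentation. Sample values are constructed.
LC_ALL=C; export LC_ALL

# Characters IAM allows in role and policy names.
NAME_RE='[A-Za-z0-9+=,.@_-]+'

# Conservative allowlist: IAM name characters plus ":" and "/". Rejects empty
# values, whitespace, newlines and shell metacharacters.
safe_chars() {
  case $1 in ''|*[!A-Za-z0-9+=,.@_:/-]*) return 1 ;; esac
}

# Role prefix ($1) with OCM user name ($2): the resulting role name must fit
# the 64-character IAM role name limit. Name shape inferred from the page.
valid_prefix() {
  safe_chars "$1" && printf '%s\n' "$1" | grep -Eq "^${NAME_RE}\$" || return 1
  name="$1-User.$2-Role"
  [ "${#name}" -le 64 ]
}

# Permissions boundary: ARN of an IAM policy (12-digit account ID, or "aws"
# for an AWS managed policy).
valid_boundary_arn() {
  safe_chars "$1" && printf '%s\n' "$1" |
    grep -Eq "^arn:aws[a-z-]*:iam::([0-9]{12}|aws):policy/(${NAME_RE}/)*${NAME_RE}\$"
}

# Role path: "/" or "/segment/.../"; it must begin and end with a slash.
valid_role_path() {
  safe_chars "$1" && [ "${#1}" -le 512 ] &&
    printf '%s\n' "$1" | grep -Eq "^/(${NAME_RE}/)*\$"
}

# Args: prefix, OCM user name, boundary ARN, role path. An empty boundary or
# path corresponds to leaving that optional prompt blank.
build_user_role_cmd() {
  valid_prefix "$1" "$2" || { echo "invalid role prefix: $1" >&2; return 1; }
  cmd="rosa create user-role --mode auto --prefix $1"
  if [ -n "$3" ]; then
    valid_boundary_arn "$3" || { echo "invalid boundary ARN: $3" >&2; return 1; }
    cmd="$cmd --permissions-boundary $3"
  fi
  if [ -n "$4" ]; then
    valid_role_path "$4" || { echo "invalid role path: $4" >&2; return 1; }
    cmd="$cmd --path $4"
  fi
  printf '%s\n' "$cmd"
}

# Constructed sample values; the account ID is a placeholder.
build_user_role_cmd ManagedOpenShift osdocs \
  "arn:aws:iam::123456789012:policy/example-boundary" "/ocp/"
```

The script only prints the command, so you can review it before running it. Because `--yes` is not included, `rosa` is not told to skip its confirmation prompts.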