mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 09:46:53 +01:00
26f69f8b4e
- Including changes from OSDOCS-11640 by cherry-picking in 16db23b
- Rebased against main following merge of rosa_hcp_migration branch
- Corrected missing 500 node max support limit
- Applied peer and merge review feedback
Squashed:
1 - Intial commit for the ROSA with HCP branch
2 - Adding the Upgrading HCP cherrypick
3 - Adding the Security HCP cherrypick
4 - Upgrading ROSA with HCP updates
5 - Updated the HCP migration to include the ROSA Tutorals and Learning sections
6 - Updated the HCP migration to add the rest of the books from the password protected preview
7 - Repaired the links in Introduction to ROSA book
8 - classic to hcp migration topic maps update
commented in the end of section in topic map
applied QE suggestions from gdoc
applied more QE suggestions from gdoc
applied conditions for new hcp distro to assemblies and modules
fixed typo on line 13 of configuring registry operator
replaced namespace as suggested by QE
removed operator pod list
removed space in rosa topic maps
removed spacing in line 39 of checking status of pods
41 lines
2.3 KiB
Plaintext
41 lines
2.3 KiB
Plaintext
:_mod-docs-content-type: ASSEMBLY
|
|
include::_attributes/attributes-openshift-dedicated.adoc[]
|
|
[id="rosa-cli-permission-examples"]
|
|
= Least privilege permissions for ROSA CLI commands
|
|
:context: rosa-cli-permission-examples
|
|
toc::[]
|
|
|
|
You can create roles with permissions that adhere to the principal of least privilege, in which the users assigned the roles have no other permissions assigned to them outside the scope of the specific action they need to perform. These policies contain only the minimum required permissions needed to perform specific actions by using the {product-title} (ROSA) command line interface (CLI).
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Although the policies and commands presented in this topic will work in conjunction with one another, you might have other restrictions within your AWS environment that make the policies for these commands insufficient for your specific needs. Red{nbsp}Hat provides these examples as a baseline, assuming no other AWS Identity and Access Management (IAM) restrictions are present.
|
|
====
|
|
|
|
// Omitting from HCP build until BM gets to review
|
|
ifdef::temp-ifdef[]
|
|
[NOTE]
|
|
====
|
|
The examples listed cover several of the most common ROSA CLI commands. For more information regarding ROSA CLI commands, see xref:../../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-common-commands_rosa-managing-objects-cli[Common commands and arguments].
|
|
====
|
|
endif::[]
|
|
|
|
For more information about configuring permissions, policies, and roles in the AWS console, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html[AWS Identity and Access Management] in the AWS documentation.
|
|
|
|
include::modules/rosa-cli-hcp-classic-examples.adoc[leveloffset=+1]
|
|
|
|
ifdef::temp-ifdef[]
|
|
include::modules/rosa-cli-hcp-examples.adoc[leveloffset=+1]
|
|
endif::[]
|
|
ifdef::temp-ifdef[]
|
|
include::modules/rosa-cli-classic-examples.adoc[leveloffset=+1]
|
|
endif::[]
|
|
|
|
include::modules/rosa-cli-no-permissions-required.adoc[leveloffset=+1]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_min-permissions-required"]
|
|
== Additional resources
|
|
|
|
* For more information about AWS roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html[IAM roles].
|
|
* For more information about AWS policies and permissions, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html[Policies and permissions in IAM]. |