openshift-docs/modules/bootstrap-aws-load-balancer-operator.adoc

// Module included in the following assemblies:
// * networking/installing-albo-sts-cluster.adoc

:_content-type: PROCEDURE
[id="nw-bootstra-albo-on-sts-cluster_{context}"]
= Bootstrapping AWS Load Balancer Operator on Secure Token Service cluster

.Prerequisites

* You must extract and prepare the `coctl` binary.

.Procedure

. Download the `CredentialsRequest` custom resource (CR) of the AWS Load Balancer Operator, and create a directory to store it by running the following command:
+
[source,terminal]
----
$ curl --create-dirs -o <path-to-credrequests-dir>/cr.yaml https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/operator-credentials-request.yaml
----

. Use the `ccoctl` tool to process `CredentialsRequest` objects of the AWS Load Balancer Operator, by running the following command:
+
[source,terminal]
----
$ ccoctl aws create-iam-roles \
    --name <name> --region=<aws_region> \
    --credentials-requests-dir=<path-to-credrequests-dir> \
    --identity-provider-arn <oidc-arn>
----

. Apply the secrets generated in the manifests directory of your cluster by running the following command:
+
[source,terminal]
----
$ ls manifests/*-credentials.yaml | xargs -I{} oc apply -f {}
----

. Verify that the credentials secret of the AWS Load Balancer Operator is created by running the following command:
+
[source,terminal]
----
$ oc -n aws-load-balancer-operator get secret aws-load-balancer-operator --template='{{index .data "credentials"}}' | base64 -d
----
+
.Example output
[source,terminal]
----
[default]
sts_regional_endpoints = regional
role_arn = arn:aws:iam::999999999999:role/aws-load-balancer-operator-aws-load-balancer-operator
web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
----