openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
bccb026e9beac58ee57722f69a0841cce4e9ce28
openshift-docs/modules/config-aws-access.adoc
Kathryn Alexander 90d985a0bb [enterprise-4.14] changing content type attribute
2023-10-30 10:13:25 -04:00

76 lines
3.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Module included in the following assemblies:
//
// * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
:_mod-docs-content-type: PROCEDURE
[id="config-aws-access_{context}"]
= Configuring AWS infrastructure access
// TODO: I see {AWS} and {GCP} only used a handful of time, but their written out form much more. Should all hardcoded instances be updated to use the attributes?
{AWS} infrastructure access allows link:https://access.redhat.com/node/3610411[Customer Portal Organization Administrators] and cluster owners to enable AWS Identity and Access Management (IAM) users to have federated access to the AWS Management Console for their {product-title} cluster. Administrators can select between `Network Management` or `Read-only` access options.
.Prerequisites
* An AWS account with IAM permissions.
.Procedure
. Log in to your AWS account. If necessary, you can create a new AWS account by following the link:https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/[AWS documentation].
. Create an IAM user with `STS:AllowAssumeRole` permissions within the AWS account.
.. Open the link:https://console.aws.amazon.com/iam/home#/home[IAM dashboard] of the AWS Management Console.
.. In the *Policies* section, click *Create Policy*.
.. Select the *JSON* tab and replace the existing text with the following:
+
[source,json]
----
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "*"
}
]
}
----
.. Click *Next:Tags*.
.. Optional: Add tags. Click *Next:Review*
.. Provide an appropriate name and description, then click *Create Policy*.
.. In the *Users* section, click *Add user*.
.. Provide an appropriate user name.
.. Select *AWS Management Console access* as the AWS access type.
.. Adjust the password requirements as necessary for your organization, then click *Next:Permissions*.
.. Click the *Attach existing policies directly* option. Search for and check the policy created in previous steps.
+
[NOTE]
====
It is not recommended to set a permissions boundary.
====
.. Click *Next: Tags*, then click *Next: Review*. Confirm the configuration is correct.
.. Click *Create user*, a success page appears.
.. Gather the IAM users Amazon Resource Name (ARN). The ARN will have the following format: `arn:aws:iam::000111222333:user/username`. Click *Close*.
. Open {cluster-manager-url} in your browser and select the cluster you want to allow AWS infrastructure access.
. Select the *Access control* tab, and scroll to the *AWS Infrastructure Access* section.
. Paste the *AWS IAM ARN* and select *Network Management* or *Read-only* permissions, then click *Grant role*.
. Copy the *AWS OSD console URL* to your clipboard.
. Sign in to your AWS account with your Account ID or alias, IAM user name, and password.
. In a new browser tab, paste the AWS OSD Console URL that will be used to route to the AWS Switch Role page.
. Your account number and role will be filled in already. Choose a display name if necessary, then click *Switch Role*.
.Verification
* You now see *VPC* under *Recently visited services*.
View Git Blame Copy Permalink