mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/using-ccoctl-create-iam-role-alb-controller.adoc


// Module included in the following assemblies:
//
// * networking/networking_operators/aws-load-balancer-operator/preparing-sts-cluster-for-albo.adoc

:_mod-docs-content-type: PROCEDURE
[id="using-ccoctl-create-iam-role-alb-controller_{context}"]
= Creating an AWS IAM role for the controller by using the Cloud Credential Operator utility

[role="_abstract"]
To enable the {aws-short} Load Balancer Controller to interact with subnets and VPCs, create an IAM role by using the Cloud Credential Operator utility (`ccoctl`). This utility ensures the controller has the specific permissions required to manage network resources within the cluster.

.Prerequisites

* You must extract and prepare the `ccoctl` binary.

.Procedure

. Download the `CredentialsRequest` custom resource (CR) and store it in a directory by running the following command:
+
[source,terminal]
----
$ curl --create-dirs -o <credentials_requests_dir>/controller.yaml https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/controller/controller-credentials-request.yaml
----
. Use the `ccoctl` utility to create an {aws-short} IAM role by running the following command:
+
[source,terminal]
----
$ ccoctl aws create-iam-roles \
--name <name> \
--region=<aws_region> \
--credentials-requests-dir=<credentials_requests_dir> \
--identity-provider-arn <oidc_arn>
----
+
.Example output
[source,terminal]
----
2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller created
2023/09/12 11:38:57 Saved credentials configuration to: /home/user/<credentials_requests_dir>/manifests/aws-load-balancer-operator-aws-load-balancer-controller-credentials.yaml
2023/09/12 11:38:58 Updated Role policy for Role <name>-aws-load-balancer-operator-aws-load-balancer-controller created
----
+
where:
+
`<name>`:: Specifies the Amazon Resource Name (ARN) for an {aws-short} IAM role that was created for the {aws-short} Load Balancer Controller, such as `arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller`.
+
[NOTE]
====
The length of an AWS IAM role name must be less than or equal to 12 characters.
====
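
The following pre-flight review can be run between the download step and the `ccoctl` step. It is an added example, not part of the original module or of the OpenShift project's code. The function names and the embedded sample manifest are constructed for illustration, and the 12-character limit is taken from the note above.

```shell
#!/bin/sh
# Review a downloaded CredentialsRequest before ccoctl turns it into an IAM role.

# Constructed sample manifest (NOT the real controller-credentials-request.yaml).
sample_credentials_request() {
  cat <<'EOF'
apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
metadata:
  name: aws-load-balancer-controller
spec:
  providerSpec:
    kind: AWSProviderSpec
    statementEntries:
    - action:
      - ec2:DescribeSubnets
      - ec2:DescribeVpcs
      effect: Allow
      resource: "*"
    - action:
      - "elasticloadbalancing:Describe*"
      effect: Allow
      resource: "*"
EOF
}

# Print every IAM action listed under an "action:" key, one per line.
# Reads the files given as arguments, or stdin when none are given.
list_actions() {
  awk '
    /^[ \t]*(-[ \t]+)?action:[ \t]*$/ { in_action = 1; next }
    in_action && /^[ \t]*-[ \t]+/ {
      sub(/^[ \t]*-[ \t]+/, ""); gsub(/[" \t]/, ""); print; next
    }
    { in_action = 0 }   # any other line ends the current action list
  ' "$@"
}

# Keep only the actions that contain a wildcard, for manual review.
wildcard_actions() { list_actions "$@" | awk 'index($0, "*")'; }

# Succeeds when the value planned for --name is non-empty and at most 12 characters.
name_ok() { [ -n "$1" ] && [ "${#1}" -le 12 ]; }

name="albo-demo"   # constructed value for <name>
name_ok "$name" && echo "name '$name' is within the 12-character limit"
echo "Actions the role will be granted:"; sample_credentials_request | list_actions
echo "Wildcard actions to review:";       sample_credentials_request | wildcard_actions
```

Against the real download, call `list_actions <credentials_requests_dir>/controller.yaml` and compare the result with what you expect the controller to need before creating the role.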