Merge pull request #60222 from jeana-redhat/OSDOCS-6134-Reorg-AWS-GCP-short-term-creds

[OSDOCS-6134]: Moving AWS & GCP short term creds install procs

Author: jeana-redhat

_topic_maps/_topic_map.yml

@@ -159,8 +159,6 @@ Topics:
     File: preparing-to-install-on-aws
   - Name: Configuring an AWS account
     File: installing-aws-account
-  - Name: Manually creating IAM
-    File: manually-creating-iam
   - Name: Installing a cluster quickly on AWS
     File: installing-aws-default
   - Name: Installing a cluster on AWS with customizations
@@ -201,7 +199,7 @@ Topics:
     File: preparing-to-install-on-azure
   - Name: Configuring an Azure account
     File: installing-azure-account
-  - Name: Manually creating IAM
+  - Name: Manually creating long-term credentials for Azure
     File: manually-creating-iam-azure
   - Name: Enabling user-managed encryption on Azure
     File: enabling-user-managed-encryption-azure
@@ -249,8 +247,6 @@ Topics:
     File: preparing-to-install-on-gcp
   - Name: Configuring a GCP project
     File: installing-gcp-account
-  - Name: Manually creating IAM
-    File: manually-creating-iam-gcp
   - Name: Installing a cluster quickly on GCP
     File: installing-gcp-default
   - Name: Installing a cluster on GCP with customizations
@@ -1139,16 +1135,14 @@ Topics:
   Topics:
   - Name: About the Cloud Credential Operator
     File: about-cloud-credential-operator
-  - Name: Using mint mode
+  - Name: Mint mode
     File: cco-mode-mint
-  - Name: Using passthrough mode
+  - Name: Passthrough mode
     File: cco-mode-passthrough
-  - Name: Using manual mode
+  - Name: Manual mode with long-term credentials for components
     File: cco-mode-manual
-  - Name: Using manual mode with AWS Security Token Service
-    File: cco-mode-sts
-  - Name: Using manual mode with GCP Workload Identity
-    File: cco-mode-gcp-workload-identity
+  - Name: Manual mode with short-term credentials for components
+    File: cco-short-term-creds
 ---
 Name: Networking
 Dir: networking

authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc renamed to _unused_topics/cco-mode-gcp-workload-identity.adoc

@@ -19,11 +19,9 @@ By setting different values for the `credentialsMode` parameter in the `install-
 
 * **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc#cco-mode-passthrough[Passthrough]**: In passthrough mode, the CCO passes the provided cloud credential to the components that request cloud credentials.
 
-* **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc#cco-mode-manual[Manual]**: In manual mode, a user manages cloud credentials instead of the CCO.
+* **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc#cco-mode-manual[Manual mode with long-term credentials for components]**: In manual mode, you can manage long-term cloud credentials instead of the CCO.
 
-** **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-mode-sts[Manual with AWS Security Token Service]**: In manual mode, you can configure an AWS cluster to use Amazon Web Services Security Token Service (AWS STS). With this configuration, the CCO uses temporary credentials for different components.
-
-** **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc#cco-mode-gcp-workload-identity[Manual with GCP Workload Identity]**: In manual mode, you can configure a GCP cluster to use GCP Workload Identity. With this configuration, the CCO uses temporary credentials for different components.
+* **xref:../../authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc#cco-short-term-creds[Manual mode with short-term credentials for components]**: For some providers, you can use the CCO utility (`ccoctl`) during installation to implement short-term credentials for individual components. These credentials are created and managed outside the {product-title} cluster.
 
 .CCO mode support matrix
 [cols="<.^2,^.^1,^.^1,^.^1"]
@@ -38,18 +36,18 @@ By setting different values for the `credentialsMode` parameter in the `install-
 |Amazon Web Services (AWS)
 |X
 |X
-|X
+|X ^[1]^
 
 
 |Microsoft Azure
 |
-|X ^[1]^
+|X ^[2]^
 |X
 
 |Google Cloud Platform (GCP)
 |X
 |X
-|X
+|X ^[3]^
 
 |IBM Cloud
 |
@@ -74,7 +72,9 @@ By setting different values for the `credentialsMode` parameter in the `install-
 |====
 [.small]
 --
-1. Manual mode is the only supported CCO configuration for Microsoft Azure Stack Hub.
+1. Short-term credentials with AWS Security Token Service can be configured during installation.
+2. Manual mode with long-term credentials is the only supported CCO configuration for Microsoft Azure Stack Hub.
+3. Short-term credentials with GCP Workload Identity can be configured during installation.
 --
 
 [id="cco-determine-mode_{context}"]
@@ -97,11 +97,11 @@ For platforms on which multiple modes are supported (AWS, Azure, and GCP), when
 
 By default, the CCO determines whether the credentials are sufficient for mint mode, which is the preferred mode of operation, and uses those credentials to create appropriate credentials for components in the cluster. If the credentials are not sufficient for mint mode, it determines whether they are sufficient for passthrough mode. If the credentials are not sufficient for passthrough mode, the CCO cannot adequately process `CredentialsRequest` CRs.
 
-If the provided credentials are determined to be insufficient during installation, the installation fails. For AWS, the installer fails early in the process and indicates which required permissions are missing. Other providers might not provide specific information about the cause of the error until errors are encountered.
+If the provided credentials are determined to be insufficient during installation, the installation fails. For AWS, the installation program fails early in the process and indicates which required permissions are missing. Other providers might not provide specific information about the cause of the error until errors are encountered.
 
 If the credentials are changed after a successful installation and the CCO determines that the new credentials are insufficient, the CCO puts conditions on any new `CredentialsRequest` CRs to indicate that it cannot process them because of the insufficient credentials.
 
-To resolve insufficient credentials issues, provide a credential with sufficient permissions. If an error occurred during installation, try installing again. For issues with new `CredentialsRequest` CRs, wait for the CCO to try to process the CR again. As an alternative, you can manually create IAM for xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], and xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
+To resolve insufficient credentials issues, provide a credential with sufficient permissions. If an error occurred during installation, try installing again. For issues with new `CredentialsRequest` CRs, wait for the CCO to try to process the CR again. As an alternative, you can configure your cluster to use a different CCO mode that is supported for your cloud provider.
 
 [role="_additional-resources"]
 [id="additional-resources_about-cloud-credential-operator_{context}"]