Merge pull request #96129 from EricPonvelle/OSDOCS-14606_HCP-Install

OSDOCS-15140: Updated HCP Install guide for migration

Author: EricPonvelle

_topic_maps/_topic_map_rosa_hcp.yml

@@ -190,6 +190,12 @@ Topics:
   File: rosa-hcp-quickstart-guide
 - Name: Creating ROSA with HCP clusters using the default options
   File: rosa-hcp-sts-creating-a-cluster-quickly
+- Name: Creating a ROSA cluster using Terraform
+  Dir: terraform
+  Distros: openshift-rosa-hcp
+  Topics:
+  - Name: Creating a default ROSA cluster using Terraform
+    File: rosa-hcp-creating-a-cluster-quickly-terraform
 - Name: Creating ROSA with HCP clusters using a custom AWS KMS encryption key
   File: rosa-hcp-creating-cluster-with-aws-kms-key
 - Name: Creating a private cluster on ROSA with HCP
@@ -198,6 +204,8 @@ Topics:
   File: rosa-hcp-egress-zero-install
 - Name: Creating a ROSA with HCP cluster that uses direct authentication with an external OIDC identity provider
   File: rosa-hcp-sts-creating-a-cluster-ext-auth
+- Name: Deleting a ROSA with HCP cluster
+  File: rosa-hcp-deleting-cluster
 ---
 Name: Web console
 Dir: web_console

modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc

@@ -17,30 +17,30 @@ endif::[]
 
 This section provides steps to delete the account-wide IAM roles and policies that you created for
 ifdef::sts[]
-ROSA with STS
+{rosa-classic-short} with STS
 endif::sts[]
 ifdef::hcp[]
-{hcp-title}
+{rosa-short}
 endif::hcp[]
 deployments, along with the account-wide Operator policies. You can delete the account-wide AWS Identity and Access Management (IAM) roles and policies only after deleting all of the
 ifdef::sts[]
-{product-title} (ROSA) with AWS Security Token Services (STS)
+{rosa-classic-short} with AWS Security Token Services (STS)
 endif::sts[]
 ifdef::hcp[]
-{hcp-title}
+{rosa-short}
 endif::hcp[]
 clusters that depend on them.
 
 [IMPORTANT]
 ====
 The account-wide IAM roles and policies might be used by other
 ifdef::sts[]
-ROSA clusters
+{rosa-classic-short}
 endif::sts[]
 ifdef::hcp[]
-{product-title}
+{rosa-short}
 endif::hcp[]
-in the same AWS account. Only remove the roles if they are not required by other clusters.
+clusters in the same AWS account. Only remove the roles if they are not required by other clusters.
 ====
 
 .Prerequisites
@@ -109,24 +109,24 @@ I: Successfully deleted the hosted CP account roles
 ----
 endif::hcp[]
 +
-. Delete the account-wide in-line and Operator policies:
+. Delete the account-wide and Operator policies:
 .. Under the *Policies* page in the link:https://console.aws.amazon.com/iamv2/home#/policies[AWS IAM Console], filter the list of policies by the prefix that you specified when you created the account-wide roles and policies.
 +
 [NOTE]
 ====
 If you did not specify a custom prefix when you created the account-wide roles, search for the default prefix, `ManagedOpenShift`.
 ====
 +
-.. Delete the account-wide in-line policies and Operator policies by using the link:https://console.aws.amazon.com/iamv2/home#/policies[AWS IAM Console]. For more information about deleting IAM policies by using the AWS IAM Console, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-delete.html[Deleting IAM policies] in the AWS documentation.
+.. Delete the account-wide policies and Operator policies by using the link:https://console.aws.amazon.com/iamv2/home#/policies[AWS IAM Console]. For more information about deleting IAM policies by using the AWS IAM Console, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-delete.html[Deleting IAM policies] in the AWS documentation.
 +
 [IMPORTANT]
 ====
-The account-wide in-line and Operator IAM policies might be used by other
+The account-wide and Operator IAM policies might be used by other
 ifdef::sts[]
-ROSA clusters
+{rosa-classic-short}
 endif::sts[]
 ifdef::hcp[]
-{hcp-title}
+{rosa-short}
 endif::hcp[]
-in the same AWS account. Only remove the roles if they are not required by other clusters.
+clusters in the same AWS account. Only remove the roles if they are not required by other clusters.
 ====

modules/rosa-deleting-sts-iam-resources-account-wide.adoc

@@ -16,43 +16,43 @@ ifndef::hcp[]
 {product-title} (ROSA) with AWS Security Token Services (STS) 
 endif::hcp[]
 ifdef::hcp[]
-{hcp-title-first} 
+{rosa-short} 
 endif::hcp[]
 clusters that depend on the account-wide AWS Identity and Access Management (IAM) resources, you can delete the account-wide resources.
 
 If you no longer need to install a 
 ifndef::hcp[]
-ROSA with STS 
+{rosa-classic-short} with STS 
 endif::hcp[]
 ifdef::hcp[]
-{hcp-title} 
+{rosa-short} 
 endif::hcp[]
 cluster by using {cluster-manager-first}, you can also delete the {cluster-manager} and user IAM roles.
 
 [IMPORTANT]
 ====
 The account-wide IAM roles and policies might be used by other 
 ifndef::hcp[]
-ROSA 
+{rosa-classic-short} 
 endif::hcp[]
 ifdef::hcp[]
-{hcp-title} 
+{rosa-short} 
 endif::hcp[]
 clusters in the same AWS account. Only remove the resources if they are not required by other clusters.
 
 The {cluster-manager} and user IAM roles are required if you want to install, manage, and delete other 
 ifndef::hcp[]
-ROSA 
+{rosa-classic-short} 
 endif::hcp[]
 ifdef::hcp[]
-{product-title} 
+{rosa-short} 
 endif::hcp[]
 clusters in the same AWS account by using {cluster-manager}. Only remove the roles if you no longer need to install 
 ifndef::hcp[]
-ROSA 
+{rosa-classic-short} 
 endif::hcp[]
 ifdef::hcp[]
-{product-title} 
+{rosa-short} 
 endif::hcp[]
 clusters in your account by using {cluster-manager}. For more information about repairing your cluster if these roles are removed before deletion, see "Repairing a cluster that cannot be deleted" in _Troubleshooting cluster deployments_.
 ====

modules/rosa-getting-started-deleting-a-cluster.adoc

@@ -2,36 +2,49 @@
 //
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
-
-:_mod-docs-content-type: PROCEDURE
-[id="rosa-getting-started-deleting-a-cluster_{context}"]
-= Deleting a ROSA cluster and the AWS STS resources
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
 
 ifeval::["{context}" == "rosa-getting-started"]
 :getting-started:
 endif::[]
 ifeval::["{context}" == "rosa-quickstart"]
 :quickstart:
 endif::[]
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-getting-started-deleting-a-cluster_{context}"]
 
+ifdef::openshift-rosa[]
+= Deleting a {rosa-classic-short} cluster and the AWS IAM STS resources
+endif::openshift-rosa[]
 ifdef::openshift-rosa-hcp[]
-You can delete a ROSA cluster by using the {product-title} (ROSA) CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console.
+= Deleting a {rosa-short} cluster and the AWS IAM STS resources
 endif::openshift-rosa-hcp[]
-ifndef::openshift-rosa-hcp[]
-You can delete a ROSA cluster that uses the AWS Security Token Service (STS) by using the {product-title} (ROSA) CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console.
+
+ifdef::openshift-rosa-hcp[]
+You can delete a {rosa-short} cluster by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide and Operator policies, you can use the AWS IAM Console or the AWS CLI.
 endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa[]
+You can delete a {rosa-classic-short} cluster that uses the AWS Security Token Service (STS) by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console or the AWS CLI.
+endif::openshift-rosa[]
 
 [IMPORTANT]
 ====
-Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
+Account-wide IAM roles and policies might be used by other
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
 ====
 
 ifdef::getting-started[]
 .Prerequisites
 
-* You installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your workstation.
+* You installed and configured the latest ROSA CLI, `rosa`, on your workstation.
 * You logged in to your Red{nbsp}Hat account using the ROSA CLI (`rosa`).
-* You created a ROSA cluster.
+* You created a {rosa-classic} cluster.
 endif::[]
 
 .Procedure
@@ -45,10 +58,10 @@ $ rosa delete cluster --cluster=<cluster_name> --watch
 +
 [IMPORTANT]
 ====
-You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate.
+You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate with AWS APIs.
 ====
 
-.  Delete the OIDC provider that the cluster Operators use to authenticate:
+.  After the cluster is deleted, delete the OIDC provider that the cluster Operators use to authenticate:
 +
 [source,terminal]
 ----
@@ -80,24 +93,24 @@ Account-wide IAM roles and policies might be used by other ROSA clusters in the
 ----
 $ rosa delete account-roles --prefix <prefix> --mode auto <1>
 ----
-<1> You must include the `--<prefix>` argument. Replace `<prefix>` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, `ManagedOpenShift`.
+<1> You must include the `--<prefix>` argument. Replace `<prefix>` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, depending on how they were created, `HCP-ROSA` or `ManagedOpenShift`.
 
 ifdef::openshift-rosa-hcp[]
-. Delete the account-wide inline and Operator IAM policies that you created for ROSA deployments:
-endif::openshift-rosa-hcp[]
-ifndef::openshift-rosa-hcp[]
-. Delete the account-wide inline and Operator IAM policies that you created for ROSA deployments that use STS:
+. Delete the account-wide and Operator IAM policies that you created for {rosa-short} deployments:
 endif::openshift-rosa-hcp[]
+ifdef::openshift-rosa[]
+. Delete the account-wide and Operator IAM policies that you created for {rosa-classic-short} deployments that use STS:
+endif::openshift-rosa[]
 +
 .. Log in to the link:https://console.aws.amazon.com/iamv2/home#/home[AWS IAM Console].
 .. Navigate to *Access management* -> *Policies* and select the checkbox for one of the account-wide policies.
 .. With the policy selected, click on *Actions* -> *Delete* to open the delete policy dialog.
 .. Enter the policy name to confirm the deletion and select *Delete* to delete the policy.
-.. Repeat this step to delete each of the account-wide inline and Operator policies for the cluster.
+.. Repeat this step to delete each of the account-wide and Operator policies for the cluster.
 
 ifeval::["{context}" == "rosa-getting-started"]
-:getting-started:
+:!getting-started:
 endif::[]
 ifeval::["{context}" == "rosa-quickstart"]
-:quickstart:
+:!quickstart:
 endif::[]

modules/rosa-getting-started-enable-rosa.adoc

@@ -7,7 +7,14 @@
 [id="rosa-getting-started-verifying-rosa-prerequisites_{context}"]
 = Verifying ROSA prerequisites
 
-Use the steps in this procedure to enable {product-title} (ROSA) in your AWS account.
+Use the steps in this procedure to enable
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+in your AWS account.
 
 .Prerequisites
 

modules/rosa-getting-started-environment-setup.adoc

@@ -2,11 +2,19 @@
 //
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
 
 [id="rosa-getting-started-environment-setup_{context}"]
 = Setting up the environment
 
-Before you create a {product-title} (ROSA) cluster, you must set up your environment by completing the following tasks:
+Before you create a
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+cluster, you must set up your environment by completing the following tasks:
 
 * Verify ROSA prerequisites against your AWS and Red{nbsp}Hat accounts.
 * Install and configure the required command-line interface (CLI) tools.

modules/rosa-getting-started-install-configure-cli-tools.adoc

@@ -2,6 +2,8 @@
 //
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
+// * rosa_planning/rosa-sts-setting-up-environment.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-install-configure-cli-tools_{context}"]
@@ -19,8 +21,6 @@ Several command-line interface (CLI) tools are required to deploy and work with
 . Log in to your Red{nbsp}Hat and AWS accounts to access the download page for each required tool.
 .. Log in to your Red{nbsp}Hat account at link:https://console.redhat.com[console.redhat.com].
 .. Log in to your AWS account at link:https://aws.amazon.com[aws.amazon.com].
-
-//This should be a separate module
 . Install and configure the latest AWS CLI (`aws`).
 .. Install the AWS CLI by following the link:https://aws.amazon.com/cli/[AWS Command Line Interface] documentation appropriate for your workstation.
 .. Configure the AWS CLI by specifying your `aws_access_key_id`, `aws_secret_access_key`, and `region` in the `.aws/credentials` file. For more information, see link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html[AWS Configuration basics] in the AWS documentation.
@@ -41,8 +41,7 @@ $ aws sts get-caller-identity  --output text
 ----
 <aws_account_id>    arn:aws:iam::<aws_account_id>:user/<username>  <aws_user_id>
 ----
-
-//This should be a separate module
++
 . Install and configure the latest ROSA CLI (`rosa`).
 .. Navigate to link:https://console.redhat.com/openshift/downloads[*Downloads*].
 .. Find *Red Hat OpenShift Service on AWS command line interface (`rosa)* in the list of tools and click *Download*.
@@ -92,8 +91,6 @@ Your ROSA CLI is up to date.
 // For steps to configure `rosa` tab completion for different shell types, see the help menu by running `rosa completion --help`.
 // ====
 // endif::[]
-
-//The following should probably also be a separate module
 . Log in to the ROSA CLI using an offline access token.
 .. Run the login command:
 +
@@ -121,7 +118,6 @@ To login to your Red Hat account, get an offline access token at https://console
 ====
 In the future you can specify the offline access token by using the `--token="<offline_access_token>"` argument when you run the `rosa login` command.
 ====
-
 .. Verify that you are logged in and confirm that your credentials are correct before proceeding:
 +
 [source,terminal]
@@ -144,8 +140,6 @@ OCM Organization ID:          <org_id>
 OCM Organization Name:        Your organization
 OCM Organization External ID: <external_org_id>
 ----
-
-//This should be a separate module
 . Install and configure the latest OpenShift CLI (`oc`).
 .. Use the ROSA CLI to download the `oc` CLI.
 +

modules/rosa-hcp-create-network.adoc

@@ -10,11 +10,11 @@ ifeval::["{context}" == "rosa-hcp-egress-zero-install"]
 endif::[]
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-create-network_{context}"]
-= Creating a Virtual Private Cloud using the ROSA CLI
+= Creating an AWS VPC using the ROSA CLI
 
-The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and the other networking components used to install a ROSA cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI.
+The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and associated networking components necessary to install a {rosa-short} cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI.
 
-If you do not specify a template, CloudFormation uses a default template that creates the following parameters:
+If you do not specify a template, CloudFormation uses a default template that creates resources with the following parameters:
 
 [cols="2a,3a",options="header"]
 |===

modules/rosa-hcp-deleting-cluster.adoc

@@ -6,7 +6,7 @@
 [id="rosa-hcp-deleting-cluster_{context}"]
 = Deleting a {hcp-title} cluster and the cluster-specific IAM resources
 
-You can delete a {hcp-title} cluster by using the ROSA command-line interface (CLI) (`rosa`) or {cluster-manager-first}.
+You can delete a {rosa-short} cluster by using the ROSA command-line interface (CLI) (`rosa`) or {cluster-manager-first}.
 
 After deleting the cluster, you can clean up the cluster-specific Identity and Access Management (IAM) resources in your AWS account by using the ROSA CLI. The cluster-specific resources include the Operator roles and the OpenID Connect (OIDC) provider.
 
@@ -19,7 +19,7 @@ If add-ons are installed, the cluster deletion takes longer because add-ons are
 
 .Prerequisites
 
-* You have installed a {hcp-title} cluster.
+* You have installed a {rosa-short} cluster.
 * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
 
 .Procedure