Skip to content

Commit 350279f

Browse files
smunje1smunje1
committed
OSDOCS-8955
1 parent 2d426ba commit 350279f

File tree

1 file changed

+15
-114
lines changed

1 file changed

+15
-114
lines changed

modules/rosa-create-an-identity-based-policy.adoc

Lines changed: 15 additions & 114 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,19 @@ You can create an identity-based Identity and Access Management (IAM) policy tha
1818
. In the IAM console, select *Policies* from the left navigation menu.
1919
. Click *Create policy*.
2020
. Select the *JSON* tab to define the policy using JSON format.
21-
. Copy and paste the following JSON policy document into the editor:
21+
. To get the IP addresses that you need to enter into the JSON policy document, run the following command:
22+
+
23+
[source,terminal]
24+
----
25+
$ ocm get /api/clusters_mgmt/v1/trusted_ip_addresses
26+
----
27+
+
28+
[NOTE]
29+
====
30+
These IP addresses are not permanent and are subject to change. You must continuously review the API output and make the necessary updates in the JSON policy document.
31+
====
32+
+
33+
. Copy and paste the following `policy_document.json` file into the editor:
2234
+
2335
[source,json]
2436
----
@@ -31,114 +43,7 @@ You can create an identity-based Identity and Access Management (IAM) policy tha
3143
"Resource": "*",
3244
"Condition": {
3345
"NotIpAddress": {
34-
"aws:SourceIp": [
35-
"3.223.162.20/32",
36-
"3.233.177.185/32",
37-
"54.209.120.28/32",
38-
"23.21.192.204/32",
39-
"23.23.16.23/32",
40-
"3.217.67.187/32",
41-
"34.206.248.211/32",
42-
"34.237.192.147/32",
43-
"52.1.97.230/32",
44-
"18.214.192.218/32",
45-
"3.218.132.183/32",
46-
"52.202.67.83/32",
47-
"18.220.162.161/32",
48-
"18.224.36.208/32",
49-
"3.143.200.173/32",
50-
"54.197.245.192/32",
51-
"3.23.162.248/32",
52-
"44.217.70.145/32",
53-
"52.202.89.184/32",
54-
"54.174.41.137/32",
55-
"3.231.181.77/32",
56-
"44.193.253.218/32",
57-
"52.201.38.139/32",
58-
"34.205.217.112/32",
59-
"23.22.217.39/32",
60-
"44.193.121.36/32",
61-
"54.211.144.4/32",
62-
"34.194.251.19/32",
63-
"44.196.79.250/32",
64-
"52.45.208.183/32",
65-
"100.20.120.76/32",
66-
"100.20.197.29/32",
67-
"52.26.177.23/32",
68-
"34.197.214.203/32",
69-
"35.170.167.51/32",
70-
"52.23.44.43/32",
71-
"44.228.245.162/32",
72-
"44.238.205.35/32",
73-
"54.203.216.175/32",
74-
"34.237.49.153/32",
75-
"44.196.177.146/32",
76-
"52.23.117.40/32",
77-
"44.225.234.235/32",
78-
"44.241.225.78/32",
79-
"44.241.55.3/32",
80-
"34.237.180.56/32",
81-
"44.205.240.205/32",
82-
"52.54.93.238/32",
83-
"35.155.66.53/32",
84-
"44.231.249.237/32",
85-
"44.233.161.100/32",
86-
"3.229.185.234/32",
87-
"54.147.98.63/32",
88-
"54.163.100.197/32",
89-
"23.20.194.86/32",
90-
"23.22.242.238/32",
91-
"54.147.218.140/32",
92-
"52.21.229.141/32",
93-
"54.227.5.10/32",
94-
"54.146.138.135/32",
95-
"23.21.239.1/32",
96-
"52.20.145.130/32",
97-
"54.157.89.24/32",
98-
"107.22.162.110/32",
99-
"3.223.147.2/32",
100-
"54.88.225.66/32",
101-
"54.177.143.128/32",
102-
"54.219.250.189/32",
103-
"18.135.14.84/32",
104-
"18.135.218.119/32",
105-
"3.11.51.55/32",
106-
"3.233.86.181/32",
107-
"34.226.229.129/32",
108-
"44.194.44.138/32",
109-
"34.216.5.118/32",
110-
"52.11.52.9/32",
111-
"52.40.203.77/32",
112-
"18.217.173.123/32",
113-
"3.13.34.119/32",
114-
"3.19.160.232/32",
115-
"18.188.187.143/32",
116-
"18.216.245.132/32",
117-
"52.14.85.89/32",
118-
"52.21.184.148/32",
119-
"44.194.57.131/32",
120-
"18.188.65.148/32",
121-
"3.130.101.176/32",
122-
"3.130.198.233/32",
123-
"54.210.128.71/32",
124-
"54.227.100.14/32",
125-
"54.92.188.93/32",
126-
"107.22.5.187/32",
127-
"3.217.212.27/32",
128-
"52.22.56.3/32",
129-
"52.5.10.152/32",
130-
"54.237.41.201/32",
131-
"34.202.145.72/32",
132-
"52.205.239.95/32",
133-
"54.236.208.68/32",
134-
"3.234.64.191/32",
135-
"34.195.159.252/32",
136-
"34.228.34.122/32",
137-
"54.205.89.242/32",
138-
"209.132.0.0/16",
139-
"66.187.0.0/16",
140-
"2620:0052:0004:0000:0000:0000:0000:0000/48"
141-
]
46+
"aws:SourceIp": []
14247
},
14348
"Bool": {
14449
"aws:ViaAWSService": "false"
@@ -149,11 +54,7 @@ You can create an identity-based Identity and Access Management (IAM) policy tha
14954
}
15055
----
15156
+
152-
[NOTE]
153-
====
154-
This list is subject to change. Additionally, you must specify the IP addresses in CIDR notation.
155-
====
156-
+
57+
. Copy and paste all of the IP addresses, which you got in Step 6, into the `"aws:SourceIp": []` array in your `policy_document.json` file.
15758
. Click *Review and create*.
15859
. Provide a name and description for the policy, and review the details for accuracy.
15960
. Click *Create policy* to save the policy.

0 commit comments

Comments
 (0)