Skip to content

Commit 416d550

Browse files
smunje1smunje1
committed
OCPBUGS-10994
1 parent 4fb3beb commit 416d550

File tree

3 files changed

+16
-16
lines changed

3 files changed

+16
-16
lines changed

modules/rosa-sts-account-wide-role-and-policy-commands.adoc

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ This section lists the `aws` CLI commands that the `rosa` command generates in t
1111
[id="rosa-sts-account-wide-role-and-policy-aws-cli-manual-mode_{context}"]
1212
== Using manual mode for account role creation
1313

14-
The manual role creation mode generates the `aws` commands for you to review and run. The following command starts that process:
14+
The manual role creation mode generates the `aws` commands for you to review and run. The following command starts that process, where `<openshift_version>` refers to your version of {product-title} (ROSA), such as `4.14`.
1515

1616
[source,terminal]
1717
----
@@ -29,7 +29,7 @@ The provided command examples include the `ManagedOpenShift` prefix. The `Manage
2929
aws iam create-role \
3030
--role-name ManagedOpenShift-Installer-Role \
3131
--assume-role-policy-document file://sts_installer_trust_policy.json \
32-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=installer
32+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=installer
3333
3434
aws iam put-role-policy \
3535
--role-name ManagedOpenShift-Installer-Role \
@@ -39,7 +39,7 @@ aws iam put-role-policy \
3939
aws iam create-role \
4040
--role-name ManagedOpenShift-ControlPlane-Role \
4141
--assume-role-policy-document file://sts_instance_controlplane_trust_policy.json \
42-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_controlplane
42+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_controlplane
4343
4444
aws iam put-role-policy \
4545
--role-name ManagedOpenShift-ControlPlane-Role \
@@ -49,7 +49,7 @@ aws iam put-role-policy \
4949
aws iam create-role \
5050
--role-name ManagedOpenShift-Worker-Role \
5151
--assume-role-policy-document file://sts_instance_worker_trust_policy.json \
52-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_worker
52+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_worker
5353
5454
aws iam put-role-policy \
5555
--role-name ManagedOpenShift-Worker-Role \
@@ -59,7 +59,7 @@ aws iam put-role-policy \
5959
aws iam create-role \
6060
--role-name ManagedOpenShift-Support-Role \
6161
--assume-role-policy-document file://sts_support_trust_policy.json \
62-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=support
62+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=support
6363
6464
aws iam put-role-policy \
6565
--role-name ManagedOpenShift-Support-Role \
@@ -69,27 +69,27 @@ aws iam put-role-policy \
6969
aws iam create-policy \
7070
--policy-name ManagedOpenShift-openshift-ingress-operator-cloud-credentials \
7171
--policy-document file://openshift_ingress_operator_cloud_credentials_policy.json \
72-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
72+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
7373
7474
aws iam create-policy \
7575
--policy-name ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credent \
7676
--policy-document file://openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json \
77-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
77+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
7878
7979
aws iam create-policy \
8080
--policy-name ManagedOpenShift-openshift-machine-api-aws-cloud-credentials \
8181
--policy-document file://openshift_machine_api_aws_cloud_credentials_policy.json \
82-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
82+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
8383
8484
aws iam create-policy \
8585
--policy-name ManagedOpenShift-openshift-cloud-credential-operator-cloud-crede \
8686
--policy-document file://openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json \
87-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
87+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
8888
8989
aws iam create-policy \
9090
--policy-name ManagedOpenShift-openshift-image-registry-installer-cloud-creden \
9191
--policy-document file://openshift_image_registry_installer_cloud_credentials_policy.json \
92-
--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
92+
--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
9393
----
9494

9595
[discrete]

modules/rosa-sts-account-wide-roles-and-policies.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77

88
This section provides details about the account-wide IAM roles and policies that are required for ROSA deployments that use STS, including the Operator policies. It also includes the JSON files that define the policies.
99

10-
The account-wide roles and policies are specific to an OpenShift minor release version, for example OpenShift 4.8, and are backward compatible. You can minimize the required STS resources by reusing the account-wide roles and policies for multiple clusters of the same minor version, regardless of their patch version.
10+
The account-wide roles and policies are specific to an OpenShift minor release version, for example OpenShift 4.14, and are backward compatible. You can minimize the required STS resources by reusing the account-wide roles and policies for multiple clusters of the same minor version, regardless of their patch version.
1111

1212
[id="rosa-sts-account-wide-roles-and-policies-creation-methods_{context}"]
1313
== Methods of account-wide role creation

modules/rosa-sts-operator-role-commands.adoc

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ When using `manual` mode, the `aws` commands are printed to the terminal for you
2323
aws iam create-role \
2424
--role-name <cluster_name>-<hash>-openshift-cluster-csi-drivers-ebs-cloud-credent \
2525
--assume-role-policy-document file://operator_cluster_csi_drivers_ebs_cloud_credentials_policy.json \
26-
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
26+
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
2727
2828
aws iam attach-role-policy \
2929
--role-name <cluster_name>-<hash>-openshift-cluster-csi-drivers-ebs-cloud-credent \
@@ -32,7 +32,7 @@ aws iam attach-role-policy \
3232
aws iam create-role \
3333
--role-name <cluster_name>-<hash>-openshift-machine-api-aws-cloud-credentials \
3434
--assume-role-policy-document file://operator_machine_api_aws_cloud_credentials_policy.json \
35-
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
35+
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
3636
3737
aws iam attach-role-policy \
3838
--role-name <cluster_name>-<hash>-openshift-machine-api-aws-cloud-credentials \
@@ -41,7 +41,7 @@ aws iam attach-role-policy \
4141
aws iam create-role \
4242
--role-name <cluster_name>-<hash>-openshift-cloud-credential-operator-cloud-crede \
4343
--assume-role-policy-document file://operator_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json \
44-
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
44+
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
4545
4646
aws iam attach-role-policy \
4747
--role-name <cluster_name>-<hash>-openshift-cloud-credential-operator-cloud-crede \
@@ -50,7 +50,7 @@ aws iam attach-role-policy \
5050
aws iam create-role \
5151
--role-name <cluster_name>-<hash>-openshift-image-registry-installer-cloud-creden \
5252
--assume-role-policy-document file://operator_image_registry_installer_cloud_credentials_policy.json \
53-
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
53+
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
5454
5555
aws iam attach-role-policy \
5656
--role-name <cluster_name>-<hash>-openshift-image-registry-installer-cloud-creden \
@@ -59,7 +59,7 @@ aws iam attach-role-policy \
5959
aws iam create-role \
6060
--role-name <cluster_name>-<hash>-openshift-ingress-operator-cloud-credentials \
6161
--assume-role-policy-document file://operator_ingress_operator_cloud_credentials_policy.json \
62-
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
62+
--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
6363
6464
aws iam attach-role-policy \
6565
--role-name <cluster_name>-<hash>-openshift-ingress-operator-cloud-credentials \

0 commit comments

Comments
 (0)