OSDOCS-10335: Add missing trust policies to ROSA docs

bhardesty · bhardesty · commit 70499bf893e7 · 2024-07-01T15:46:14.000-04:00
diff --git a/modules/rosa-sts-account-wide-roles-and-policies.adoc b/modules/rosa-sts-account-wide-roles-and-policies.adoc
@@ -658,6 +658,78 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
 ----
 ====
 
+.ROSA OCM role and policy file
+[cols="1,2",options="header"]
+|===
+
+|Resource|Description
+
+|`ManagedOpenShift-OCM-Role`
+|You use this IAM role to create and maintain ROSA clusters in  {cluster-manager}.
+
+|===
+
+.`sts_ocm_role_trust_policy.json`
+[%collapsible]
+====
+[source,json]
+----
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::710019948333:role/RH-Managed-OpenShift-Installer"
+            },
+            "Action": "sts:AssumeRole",
+            "Condition": {
+                "StringEquals": {
+                    "sts:ExternalId": "<OCM_account_ID>"
+                }
+            }
+        }
+    ]
+}
+----
+====
+
+.ROSA user role and policy file
+[cols="1,2",options="header"]
+|===
+
+|Resource|Description
+
+|`ManagedOpenShift-User-<OCM_user>-Role`
+|An IAM role used by Red{nbsp}Hat to verify the customer's AWS identity.
+
+|===
+
+.`sts_user_role_trust_policy.json`
+[%collapsible]
+====
+[source,json]
+----
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::710019948333:role/RH-Managed-OpenShift-Installer"
+            },
+            "Action": "sts:AssumeRole",
+            "Condition": {
+                "StringEquals": {
+                    "sts:ExternalId": "<OCM_account_ID>"
+                }
+            }
+        }
+    ]
+}
+----
+====
+
 .ROSA Ingress Operator IAM policy and policy file
 [cols="1,2",options="header"]
 |===
