Merge pull request #64391 from bmcelvee/OSDOCS-7643

OSDOCS-7643: Privatelink endpoint creation

Author: EricPonvelle

modules/rosa-sre-access-privatelink-vpc.adoc

@@ -0,0 +1,14 @@
+:_content-type: CONCEPT
+[id="rosa-sre-access-privatelink-vpc.adoc_{context}"]
+= SRE access through PrivateLink VPC endpoint service 
+
+PrivateLink VPC endpoint service is created as part of the ROSA cluster creation. 
+
+When you have a PrivateLink ROSA cluster, its Kubernetes API Server is exposed through a load balancer that can only be accessed from within the VPC by default. Red Hat site reliability engineering (SRE) can connect to this load balancer through a VPC Endpoint Service that has an associated VPC Endpoint in a Red Hat-owned AWS account. This endpoint service contains the name of the cluster, which is also in the ARN.
+
+Under the *Allow principals* tab, a Red Hat-owned AWS account is listed. This specific user ensures that other entities cannot create VPC Endpoint connections to the PrivateLink cluster’s Kubernetes API Server. 
+
+When Red Hat SREs access the API, this fleet management plane can connect to the internal API through the VPC endpoint service.
+
+
+

rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc

@@ -1,9 +1,10 @@
-////
 :_content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-sre-access
 [id="rosa-sre-access"]
 = SRE and service account access
 
+Red Hat site reliability engineering (SRE) access to ROSA clusters is outlined through identity and access management. 
+
 include::modules/rosa-policy-identity-access-management.adoc[leveloffset=+1]
-////
+include::modules/rosa-sre-access-privatelink-vpc.adoc[leveloffset=+1]