Merge pull request #63414 from lpettyjo/OSDOCS-7073

OSDOCS#7073:Support standard STS config

Author: lpettyjo

modules/persistent-storage-csi-efs-sts.adoc

@@ -4,28 +4,27 @@
 
 :_content-type: PROCEDURE
 [id="efs-sts_{context}"]
-= Configuring AWS EFS CSI Driver Operator with Security Token Service
+= Obtaining a role Amazon Resource Name for Security Token Service
 
-This procedure explains how to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS).
-
-Perform this procedure before you have installed the AWS EFS CSI Operator, but not yet installed the AWS EFS CSI driver as part of the _Installing the AWS EFS CSI Driver Operator_ procedure.
+This procedure explains how to obtain a role Amazon Resource Name (ARN) to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS).
 
 [IMPORTANT]
 ====
-If you perform this procedure after installing the driver and creating volumes, your volumes will fail to mount into pods.
+Perform this procedure before you install the AWS EFS CSI Driver Operator (see _Installing the AWS EFS CSI Driver Operator_ procedure).
 ====
 
 .Prerequisites
 
-* You have access to the cluster as a user with the cluster-admin role.
+* Access to the cluster as a user with the cluster-admin role.
 * AWS account credentials
-* You have installed the AWS EFS CSI Operator.
 
 .Procedure
 
-To configure the AWS EFS CSI Driver Operator with STS:
+You can obtain the ARN role in multiple ways. The following procedure shows one method that uses the same concept and CCO utility (`ccoctl`) binary tool as cluster installation.
+
+To obtain a role ARN for configuring AWS EFS CSI Driver Operator using STS:
 
-. Extract the CCO utility (`ccoctl`) binary from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
+. Extract the `ccoctl` from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
 
 . Create and save an EFS `CredentialsRequest` YAML file, such as shown in the following example, and then place it in the `credrequests` directory:
 +
@@ -85,23 +84,30 @@ $ ccoctl aws create-iam-roles --name my-aws-efs --credentials-requests-dir credr
 2022/03/21 06:24:45 Updated Role policy for Role my-aws-efs-openshift-cluster-csi-drivers-aws-efs-cloud-
 ----
 
-. Create the AWS EFS cloud credentials and secret:
-+
-[source,terminal]
-----
-$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-----
-+
-.Example
+. Copy the role ARN from the first line of the _Example output_ in the preceding step. The role ARN is between "Role" and "created". In this example, the role ARN is "arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud". 
 +
-[source,terminal]
-----
-$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-----
-+
-.Example output
-+
-[source,terminal]
-----
-secret/aws-efs-cloud-credentials created
-----
+You will need the role ARN when you install the AWS EFS CSI Driver Operator.
+
+.Next steps
+
+//??the below step not needed for 4.14? ???
+//. Create the AWS EFS cloud credentials and secret:
+//+
+//[source, terminal]
+//----
+//$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
+//----
+//+
+//.Example
+//+
+//[source, terminal]
+//----
+//$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
+//----
+//+
+//.Example output
+//+
+//[source, terminal]
+//----
+//secret/aws-efs-cloud-credentials created
+//----

modules/persistent-storage-csi-olm-operator-install.adoc

@@ -34,9 +34,14 @@ Be sure to select the *{FeatureName} CSI Driver Operator* and not the *{FeatureN
 
 .. On the *Install Operator* page, ensure that:
 +
+ifdef::openshift-rosa,openshift-enterprise[]
+* If you are using {FeatureName} with AWS Secure Token Service (STS), in the *role ARN* field, enter the ARN role copied from the last step of the _Obtaining a role Amazon Resource Name for Security Token Service_ procedure.
+endif::[]
 * *All namespaces on the cluster (default)* is selected.
 * *Installed Namespace* is set to *openshift-cluster-csi-drivers*.
 
 .. Click *Install*.
 +
 After the installation finishes, the {FeatureName} CSI Operator is listed in the *Installed Operators* section of the web console.
+
+.Next steps

modules/persistent-storage-efs-csi-driver-operator-setup.adoc

@@ -13,4 +13,10 @@ ifdef::openshift-rosa[]
 . If you are using Amazon Elastic File Storage (Amazon EFS) with AWS Secure Token Service (STS), configure the https://github.com/openshift/aws-efs-csi-driver[{FeatureName} CSI driver] with STS.
 endif::openshift-rosa[]
 
+ifdef::openshift-rosa,openshift-enterprise[]
+. If you are using {FeatureName} with AWS Secure Token Service (STS), obtain a role Amazon Resource Name (ARN) for STS. This is required for installing the {FeatureName} CSI Driver Operator.
+endif::[]
+
+. Install the {FeatureName} CSI Driver Operator.
+
 . Install the {FeatureName} CSI Driver.

storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc

@@ -32,16 +32,20 @@ include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
 :FeatureName: AWS EFS
 include::modules/persistent-storage-efs-csi-driver-operator-setup.adoc[leveloffset=+1]
 
-include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
-.Next steps
-* If you are using {FeatureName} with AWS Secure Token Service (STS), you must configure the {FeatureName} CSI Driver with STS. For more information, see xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#efs-sts_persistent-storage-csi-aws-efs[Configuring AWS EFS CSI Driver with STS].
-
+ifdef::openshift-rosa,openshift-enterprise[]
 include::modules/persistent-storage-csi-efs-sts.adoc[leveloffset=+2]
+
+xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver Operator].
 [role="_additional-resources"]
 .Additional resources
 * xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Installing the AWS EFS CSI Driver Operator]
 * xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
 * xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Installing the {FeatureName} CSI Driver]
+endif::[]
+
+include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
+
+xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver].
 
 include::modules/persistent-storage-csi-efs-driver-install.adoc[leveloffset=+2]