Commit dee49c0

[OSDOCS-4833]: Document private S3 bucket for OIDC in AWS STS
1 parent 1c54be6 commit dee49c0

1 file changed

+11
-12
lines changed

modules/cco-ccoctl-creating-at-once.adoc

Lines changed: 11 additions & 12 deletions
@@ -111,7 +111,7 @@ ifdef::aws-sts[]
111111
0000_50_cluster-storage-operator_03_credentials_request_aws.yaml <6>
112112
----
113113
+
114-
<1> The Machine API Operator CR is required.
114+
<1> The Machine API Operator CR is required.
115115
<2> The Cloud Credential Operator CR is required.
116116
<3> The Image Registry Operator CR is required.
117117
<4> The Ingress Operator CR is required.
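Review bot: the removed and added text at line 114 (`<1> The Machine API Operator CR is required.`) reads identically as shown here, so this looks like a whitespace-only edit. It is harmless, but it is unrelated to the private S3 bucket change; consider mentioning it in the commit message or splitting it out so the diff carries only the OIDC documentation update.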
@@ -169,18 +169,17 @@ ifdef::aws-sts[]
169169
[source,terminal]
170170
----
171171
$ ccoctl aws create-all \
172-
--name=<name> \
173-
--region=<aws_region> \
174-
--credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests
172+
--name=<name> \// <1>
173+
--region=<aws_region> \// <2>
174+
--credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <3>
175+
--output-dir=<path_to_ccoctl_output_dir> \// <4>
176+
--create-private-s3-bucket <5>
175177
----
176-
+
177-
where:
178-
+
179-
--
180-
** `<name>` is the name used to tag any cloud resources that are created for tracking.
181-
** `<aws_region>` is the AWS region in which cloud resources will be created.
182-
** `<path_to_directory_with_list_of_credentials_requests>/credrequests` is the directory containing the files for the component `CredentialsRequest` objects.
183-
--
178+
<1> Specify the name used to tag any cloud resources that are created for tracking.
179+
<2> Specify the AWS region in which cloud resources will be created.
180+
<3> Specify the directory containing the files for the component `CredentialsRequest` objects.
181+
<4> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
182+
<5> Optional: By default, the `ccoctl` utility stores the OpenID Connect (OIDC) configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint. To store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL instead, use the `--create-private-s3-bucket` parameter.
184183
+
185184
[NOTE]
186185
====
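Review bot: callout <5> on `--create-private-s3-bucket` says what the flag does but not what a reader needs in order to decide on it or run it. Since this path puts a CloudFront distribution in front of the bucket, state whether the credentials that run `ccoctl` need additional permissions for it, and add a sentence on when the private bucket is the right choice over the default public one. Two smaller points in the command block: the last line uses `<5>` without the `//` prefix that new lines 172 to 175 use, and the callouts now follow the line-continuation `\` directly, so check that the rendered command still copies and pastes cleanly, as it did with the old `where:` list.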
