Red Hat Advanced Cluster Management / ACM-20920

Investigate using AWS IAM roles to authenticate CAPA deployment


    • Story
    • Resolution: Done
    • Critical
    • CAPI
    • Product / Portfolio Work
    • 5
    • Should be able to start the CAPA deployment and create ROSA-HCP without using the default secret credential, and use an AWS IAM role instead
    • CAPI Sprint 2025-10, CAPI Sprint 2025-11, CAPI Sprint 2025-12

      Value Statement

      The Delta Team is looking to authenticate the CAPA deployment using an AWS IAM role instead of a static secret. We need to know what is required to allow it.

      A possible bug in MCE v2.8 keeps setting the IAM roles to an empty string in the CAPA deployment and service, because the IAM role is not defined when enabling the CAPA feature.

      Ref: https://github.com/stolostron/cluster-api-installer/blob/main/charts/cluster-api-provider-aws/values.yaml#L3

      CAPA docs:

      https://cluster-api-aws.sigs.k8s.io/topics/specify-management-iam-role

      https://cluster-api-aws.sigs.k8s.io/clusterawsadm/clusterawsadm_bootstrap_iam

      Slack refs:

      https://kubernetes.slack.com/archives/CD6U2V71N/p1747404631087999

      https://redhat-internal.slack.com/archives/C08Q37PA5C1/p1745852345124629

      Definition of Done for Engineering Story Owner (Checklist)

      • ...

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • [ ] Unit/function tests have been automated and incorporated into the build.
      • [ ] 100% automated unit/function test coverage for new or changed APIs.

      Secure Design

      • [ ] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      • [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from [The Playbook](https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby), and ensure doc acceptance criteria are met.
      • Call out this sentence as its own action:
      • [ ] Link the development issue to the doc issue.

      Support Readiness

      • [ ] The must-gather script has been updated.

              rhn-engineering-mzazrivec Milan Zazrivec
              melserng Mohamed ElSerngawy