  1. OpenShift Cloud Credential Operator
  2. CCO-219

Explore the option of creating private S3 bucket to host OIDC endpoint

    • Epic
    • Resolution: Done
    • Major
    • 4.12
    • openshift-4.10, openshift-4.11, openshift-4.12
    • [Spike] Explore the option of creating private S3 bucket to host OIDC endpoint

      Currently, ccoctl creates a public S3 bucket to host the OIDC endpoint, which is accessible over the internet. Many customers have complained about this approach, as their security policies do not allow the creation of a public S3 bucket. As part of this spike, we need to explore whether there is any way we can make it private. Some of the options explored by the SPLAT team are in the attached diagram (private_S3_options.png). We need to explore whether any of those options are feasible.

        1. private_S3_options.png
          150 kB
          Akhil Rane
        2. AWS STS.jpeg
          56 kB
          Ju Lim
        3. aws-iam-oidc-flow.drawio.png
          124 kB
          Marco Braga

              Unassigned
              Akhil Rane (Inactive)