  1. OpenShift Cloud Credential Operator
  2. CCO-219

Explore the option of creating private S3 bucket to host OIDC endpoint

    • Epic
    • Resolution: Done
    • Major
    • 4.12
    • openshift-4.10, openshift-4.11, openshift-4.12
    • [Spike] Explore the option of creating private S3 bucket to host OIDC endpoint
    • In Progress

      Currently, ccoctl creates a public S3 bucket to host the OIDC endpoint, which is accessible over the internet. Many customers have complained about this approach because their security policies do not allow the creation of public S3 buckets. As part of this spike, we need to explore whether there is any way to make the bucket private. Some of the options explored by the SPLAT team are in the attached diagram (private_S3_options.png). We need to explore whether any of those options are feasible.

        1. private_S3_options.png (150 kB)
        2. AWS STS.jpeg (56 kB)
        3. aws-iam-oidc-flow.drawio.png (124 kB)

              Unassigned
              akhilrane Akhil Rane (Inactive)