  1. OpenShift Cloud Credential Operator
  2. CCO-219

Explore the option of creating private S3 bucket to host OIDC endpoint


    • Epic
    • Resolution: Done
    • Major
    • 4.12
    • openshift-4.10, openshift-4.11, openshift-4.12
    • [Spike] Explore the option of creating private S3 bucket to host OIDC endpoint
    • In Progress

      Currently, ccoctl creates a public S3 bucket to host the OIDC endpoint, which is accessible over the internet. Many customers have complained about this approach because their security policies do not allow the creation of public S3 buckets. As part of this spike, we need to explore whether there is any way to make the bucket private. Some of the options explored by the SPLAT team are in the attached diagram (private_S3_options.png). We need to explore whether any of those options are feasible.

        1. private_S3_options.png
          150 kB
          Akhil Rane
        2. AWS STS.jpeg
          56 kB
          Ju Lim
        3. aws-iam-oidc-flow.drawio.png
          124 kB
          Marco Braga

            Unassigned
            akhilrane Akhil Rane (Inactive)