Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Labels:
- AWS

Blocked:
False
Blocked Reason:
None
Ready:
False

SFDC Cases Links:
SFDC Cases Counter:

Currently, ccoctl creates a public S3 bucket to host OIDC endpoint that is accessible over the internet. Many customers have complained about this approach as their security policies do not allow creation of public S3 bucket. We have explored the option of making S3 bucket private and having public CloudFront URL to access OIDC configuration files in S3. We already have this tested and documented by SPLAT team. As part of this card, we need to transfer the content to CCO repo.

SPLAT document : https://drive.google.com/file/d/1z16Gi11Bt4ox-55YuRnvLSm65N9hV8a1/view

CCO document have content needs to be added: https://github.com/openshift/cloud-credential-operator/blob/master/docs/sts.md

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

private_S3_options.png
150 kB
2022/06/06 7:35 PM

documents

RFE-2898 OCP on AWS with manual STS requires private S3 bucket to host OIDC endpoint

Accepted

is related to

RFE-3614 Define custom domain in CloudFront to host OIDC public URL

Under Review

relates to

CCO-219 Explore the option of creating private S3 bucket to host OIDC endpoint

Closed

CCO-281 AWS STS Implement procedure for migrating from a public s3 bucket OIDC to a private s3 bucket OIDC with CloudFront Distribution

To Do

links to

openshift/cloud-credential-operator#468: doc(aws-sts): add alternative to host OIDC configuration in a private bucket using CloudFront

Assignee:: Akhil Rane (Inactive)

Reporter:: Akhil Rane (Inactive)

QA Contact:: Jianping Shu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2022/06/06 7:35 PM

Updated:: 2023/02/28 2:09 PM

Resolved:: 2022/07/06 6:24 PM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates