Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-222

Add ccoctl option to create private s3 bucket with OIDC configurations served through public CloudFront URL

XMLWordPrintable

    • False
    • None
    • False

      Currently, ccoctl creates a public S3 bucket to host OIDC endpoint that is accessible over the internet. Many customers have complained about this approach as their security policies do not allow creation of public S3 bucket. We have explored the option of making S3 bucket private and having public CloudFront URL to access OIDC configuration files in S3. We already have this tested and documented by SPLAT team. As part of this card, we need to automate this process through ccoctl by having an optional parameter.

      The sample ccoctl command to create the above-mentioned configuration can be

      ccoctl aws create-all --name=<name> --region=<aws-region> --credentials-requests-dir=<path-to-directory-with-list-of-credentials-requests> --enable-cloudfront

       

      SPLAT document : https://drive.google.com/file/d/1z16Gi11Bt4ox-55YuRnvLSm65N9hV8a1/view

              mworthin@redhat.com Mike Worthington
              akhilrane Akhil Rane (Inactive)
              Jianping Shu Jianping Shu
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: