Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-257

Make ccoctl set sts endpoints to regional in AWS credentials secrets

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Blocker
    • None
    • None

    Description

      AWS recommends using regional STS endpoints instead of global. Make sure ccoctl creates secrets with `sts_regional_endpoints` field set to `regional`. 

       

      The sample secret data format should be as follows:

      [default]
sts_regional_endpoints = regional
role_name = arn:...:role/some-role-name
web_identity_token_file = /path/to/token

      slack thread: https://coreos.slack.com/archives/C040MMMG9B8/p1662653229381429

      Attachments

        Issue Links

          is depended on by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CORS-2356 Deploy disconnected OpenShift cluster with STS on AWS

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • In Progress

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CCO-300 Upgrade disconnected/restricted OpenShift cluster with STS on AWS

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-2882 [release-4.12] Make ccoctl set sts endpoints to regional in AWS credentials secrets

          • Undefined - Priority not specified.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1629 Facing issue while configuring egress IP pool in OCP cluster which uses STS

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1830 Facing issue while configuring S3 ServiceEndpoint in OCP cluster which uses STS

          • Undefined - Priority not specified.
          • Closed
          links to

          GitHub openshift/cloud-credential-operator#491: Make ccoctl use regional STS endpoint by default

          GitHub openshift/openshift-docs#53645: OSDCOS-4467: Added specific AWS URLs that must be allowlisted

          Activity

            People

              abutcher@redhat.com Andrew Butcher
              akhilrane Akhil Rane (Inactive)
              Jianping Shu Jianping Shu
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: