Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Blocker
Fix Version/s: None
Affects Version/s: None
Labels:
- AWS
- OpenShift

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Deploy disconnected OpenShift cluster with STS
Feature Link:
OCPPLAN-5656 - AWS STS - Security Token Service

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

AWS recommends using regional STS endpoints instead of global. Make sure ccoctl creates secrets with `sts_regional_endpoints` field set to `regional`.

The sample secret data format should be as follows:

[default]
sts_regional_endpoints = regional
role_name = arn:...:role/some-role-name
web_identity_token_file = /path/to/token

slack thread: https://coreos.slack.com/archives/C040MMMG9B8/p1662653229381429

is depended on by

CORS-2356 Deploy disconnected OpenShift cluster with STS on AWS

Closed

CCO-300 Upgrade disconnected/restricted OpenShift cluster with STS on AWS

Closed

OCPBUGS-2882 [release-4.12] Make ccoctl set sts endpoints to regional in AWS credentials secrets

Closed

is related to

OCPBUGS-1629 Facing issue while configuring egress IP pool in OCP cluster which uses STS

Closed

OCPBUGS-1830 Facing issue while configuring S3 ServiceEndpoint in OCP cluster which uses STS

Closed

links to

openshift/cloud-credential-operator#491: Make ccoctl use regional STS endpoint by default

openshift/openshift-docs#53645: OSDCOS-4467: Added specific AWS URLs that must be allowlisted

(2 links to)

Assignee:: Andrew Butcher

Reporter:: Akhil Rane (Inactive)

QA Contact:: Jianping Shu

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2022/09/08 9:15 PM

Updated:: 2023/08/09 8:53 PM

Resolved:: 2022/10/26 3:04 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates