Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-281

AWS STS Implement procedure for migrating from a public s3 bucket OIDC to a private s3 bucket OIDC with CloudFront Distribution

    XMLWordPrintable

Details

    • Story
    • Resolution: Unresolved
    • Normal
    • None
    • None
    • False
    • None
    • False

    Description

      As an administrator of a cluster utilizing AWS STS with a public S3 bucket OIDC provider, I would like a documented procedure with steps that can be followed to migrate to a private S3 bucket with CloudFront Distribution so that I do not have to recreate my cluster.

      ccoctl documentation including parameter `--create-private-s3-bucket`: https://github.com/openshift/cloud-credential-operator/blob/a8ee8a426d38cca3f7339ecd0eac88f922b6d5a0/docs/ccoctl.md

      Existing manual procedure for configuring private S3 bucket with CloudFront Distribution: https://github.com/openshift/cloud-credential-operator/blob/master/docs/sts-private-bucket.md

      https://coreos.slack.com/archives/CE3ETN3J8/p1666174054230389?thread_ts=1665496599.847459&cid=CE3ETN3J8

       

      Attachments

        Issue Links

          is cloned by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. SPLAT-950 [aws][cco] STS Implement procedure for migrating from a public s3 bucket OIDC to a private s3 bucket OIDC with CloudFront Distribution

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CCO-219 Explore the option of creating private S3 bucket to host OIDC endpoint

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users RFE-3614 Define custom domain in CloudFront to host OIDC public URL

          • Undefined - Priority not specified.
          • Under Review

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. CCO-221 Document restricting access to OIDC S3 for STS installations using AWS CloudFront

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. CCO-222 Add ccoctl option to create private s3 bucket with OIDC configurations served through public CloudFront URL

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Feature Request - Feature requests from customers and/or users RFE-2898 OCP on AWS with manual STS requires private S3 bucket to host OIDC endpoint

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Accepted
          links to

          GitHub openshift/cloud-credential-operator#515: SPLAT-950: doc/aws-sts : steps to migrate from public bucket to private issuer URL

          Activity

            People

              Unassigned Unassigned
              abutcher@redhat.com Andrew Butcher
              Andrew Butcher, Marco Braga
              Jianping Shu Jianping Shu
              Jeana Routh Jeana Routh
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: