OpenShift Installer / CORS-1771

Do not add tags to user-provided AWS IAM roles

    • Story
    • Resolution: Done
    • openshift-4.10
    • Sprint 208, Sprint 209

      User Story:

      As a user, I want to be able to:

      • use AWS IAM roles that I create without needing to give the iam:TagRole permission

      so that I can achieve

      • do an IPI AWS install with permissions bounded by tags. If the user has the iam:TagRole permission, then they effectively have all permissions since they can tag other resources.

      Acceptance Criteria:

      Description of criteria:

      • successful IPI AWS install using user-provided master and worker IAM roles and a user that does not have the iam:TagRole permission.

      (optional) Out of Scope:

      Modifying existing clusters that were installed with BYO IAM roles so that the roles are no longer tagged as shared by the cluster.

      Engineering Details:

      This does not require a design proposal.
      This does not require a feature gate.
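
      A pre-flight check for the acceptance criterion above, as an added example that is not part of the ticket or the installer's code: it flags Allow statements in an identity policy that would grant iam:TagRole, including through wildcards or NotAction. The sample policy and the function names are constructed; the match is a conservative static one and does not evaluate Deny statements, conditions, or permission boundaries.

```python
import re

# Constructed sample policy for a hypothetical installer user (not from the ticket).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Ec2", "Effect": "Allow",
         "Action": ["ec2:RunInstances", "ec2:CreateTags"], "Resource": "*"},
        {"Sid": "IamRead", "Effect": "Allow", "Action": "iam:Get*", "Resource": "*"},
        {"Sid": "IamTagging", "Effect": "Allow",
         "Action": ["iam:PassRole", "IAM:Tag*"], "Resource": "*"},
        {"Sid": "DenyUntag", "Effect": "Deny", "Action": "iam:UntagRole", "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM allows a single string wherever a list of strings is accepted.
    return [value] if isinstance(value, str) else list(value or [])

def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def statements_granting(policy, action="iam:TagRole"):
    """Return Sids (or positions) of Allow statements whose actions cover `action`."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    hits = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything that is NOT listed.
            covered = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
        else:
            covered = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
        if covered:
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

if __name__ == "__main__":
    print(statements_granting(SAMPLE_POLICY))
```

      An empty result for every policy attached to the installing user is the precondition the acceptance criterion describes.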

              rna-afk Aditya Narayanaswamy
              mstaeble Matthew Staebler (Inactive)
              Yunfei Jiang Yunfei Jiang