Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1976

Enable STS Cloudwatch Role

    XMLWordPrintable

Details

    • Enable STS Cloudwatch Role
    • False
    • False
    • OBSDA-59CloudWatch log forwarding add-on needs to support STS installations
    • Yellow
    • NEW
    • In Progress
    • OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
    • VERIFIED
    • 100
    • 100% 100%

    Description

      Goals

      The goal is allow administrators to use an STS Role for authentication to Cloudwatch in lieu of a access token and credentials.  

      Non-Goals

      Motivation

      There is a larger movement with OpenShift to improve security by depending upon a role that allows token rotation instead of static tokens that would be required to be rotated manually.

      Alternatives

      Acceptance Criteria

      • Verify CLF writes logs to CW using the STS Role instead of an access token

      Risk and Assumptions

      Documentation Considerations

      • Update the CLF documentation to include the opinionated key for the role

      Open Questions

      Additional Notes

      Attachments

        Issue Links

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: LOG

              People

                jcantril@redhat.com Jeffrey Cantrill
                jcantril@redhat.com Jeffrey Cantrill
                Anping Li Anping Li
                Votes:
                1 Vote for this issue
                Watchers:
                12 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: