Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1976

Enable STS Cloudwatch Role

    XMLWordPrintable

Details

    • Enable STS Cloudwatch Role
    • 5
    • False
    • False
    • Yellow
    • NEW
    • In Progress
    • OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
    • OBSDA-59CloudWatch log forwarding add-on needs to support STS installations
    • VERIFIED
    • 100
    • 100% 100%

    Description

      Goals

      The goal is allow administrators to use an STS Role for authentication to Cloudwatch in lieu of a access token and credentials.  

      Non-Goals

      Motivation

      There is a larger movement with OpenShift to improve security by depending upon a role that allows token rotation instead of static tokens that would be required to be rotated manually.

      Alternatives

      Acceptance Criteria

      • Verify CLF writes logs to CW using the STS Role instead of an access token

      Risk and Assumptions

      Documentation Considerations

      • Update the CLF documentation to include the opinionated key for the role

      Open Questions

      Additional Notes

      Attachments

        Issue Links

          blocks

          Story - Used to indicate the smallest unit of work for a team to complete and is end user-facing. Created by Jira Software - do not edit or delete. LOG-2417 Enable Add-on for STS

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OBSDA-59 CloudWatch log forwarding add-on needs to support STS installations

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          Epic - Issue type for a big user story that needs to be broken down into a grouping of stories, tasks, and other issues that contribute to the delivery of the Epic. Created by Jira Software - do not edit or delete. LOG-1033 Update fluentd dependencies to pull in latest fixes and changes

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          Web Link KCS 6485391: Using the CloudWatch Logging add-on with ROSA STS Clusters

          GitHub openshift/openshift-docs#66628: [WIP] OBSDOCS-460: Clean up collector docs

          Activity

            People

              jcantril@redhat.com Jeffrey Cantrill
              jcantril@redhat.com Jeffrey Cantrill
              Anping Li Anping Li
              Votes:
              1 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: