Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1976

Enable STS Cloudwatch Role

    XMLWordPrintable

Details

    • Enable STS Cloudwatch Role
    • False
    • False
    • OBSDA-59CloudWatch log forwarding add-on needs to support STS installations
    • Yellow
    • NEW
    • In Progress
    • OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
    • VERIFIED
    • 100
    • 100% 100%

    Description

      Goals

      The goal is allow administrators to use an STS Role for authentication to Cloudwatch in lieu of a access token and credentials.  

      Non-Goals

      Motivation

      There is a larger movement with OpenShift to improve security by depending upon a role that allows token rotation instead of static tokens that would be required to be rotated manually.

      Alternatives

      Acceptance Criteria

      • Verify CLF writes logs to CW using the STS Role instead of an access token

      Risk and Assumptions

      Documentation Considerations

      • Update the CLF documentation to include the opinionated key for the role

      Open Questions

      Additional Notes

      Attachments

        Issue Links

          blocks

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. LOG-2417 Enable Add-on for STS

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OBSDA-59 CloudWatch log forwarding add-on needs to support STS installations

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. LOG-1033 Update fluentd dependencies to pull in latest fixes and changes

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          Web Link KCS 6485391: Using the CloudWatch Logging add-on with ROSA STS Clusters

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: LOG

              People

                jcantril@redhat.com Jeffrey Cantrill
                jcantril@redhat.com Jeffrey Cantrill
                Anping Li Anping Li
                Votes:
                1 Vote for this issue
                Watchers:
                12 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: