Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1976

Enable STS Cloudwatch Role

    XMLWordPrintable

Details

    • Enable STS Cloudwatch Role
    • False
    • False
    • OBSDA-59CloudWatch log forwarding add-on needs to support STS installations
    • Yellow
    • NEW
    • In Progress
    • OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
    • VERIFIED
    • 100
    • 100% 100%
    • 5
    • Feature Freeze

    Description

      Goals

      The goal is allow administrators to use an STS Role for authentication to Cloudwatch in lieu of a access token and credentials.  

      Non-Goals

      Motivation

      There is a larger movement with OpenShift to improve security by depending upon a role that allows token rotation instead of static tokens that would be required to be rotated manually.

      Alternatives

      Acceptance Criteria

      • Verify CLF writes logs to CW using the STS Role instead of an access token

      Risk and Assumptions

      Documentation Considerations

      • Update the CLF documentation to include the opinionated key for the role

      Open Questions

      Additional Notes

      Attachments

        Issue Links

          Activity

            People

              jcantril@redhat.com Jeffrey Cantrill
              jcantril@redhat.com Jeffrey Cantrill
              Anping Li Anping Li
              Votes:
              1 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: