• Enable STS Cloudwatch Role
    • OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
    • VERIFIED
    • 0% To Do, 0% In Progress, 100% Done

      Goals

      The goal is to allow administrators to use an STS role for authentication to CloudWatch in lieu of an access token and credentials.

      Non-Goals

      Motivation

      There is a larger movement within OpenShift to improve security by depending on a role that allows token rotation instead of static tokens that would have to be rotated manually.

      Alternatives

      Acceptance Criteria

      • Verify CLF writes logs to CW using the STS Role instead of an access token

      Risk and Assumptions

      Documentation Considerations

      • Update the CLF documentation to include the opinionated key for the role

      Open Questions

      Additional Notes

            [LOG-1976] Enable STS Cloudwatch Role

            Hevellyn Gomes added a comment - Jeff closed the JIRA.

            Hevellyn Gomes added a comment - Also, can we have confirmation that the correct procedures are the ones provided in this documentation: https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-external.html#forwarding-logs-to-amazon-cloudwatch-from-sts-enabled-clusters

            Oscar Arribas Arribas added a comment - jcantril@redhat.com, is the "Fix Version" for this jira correct (Logging 5.5.0)? Logging 5.5.0 was already released, but this jira is still in "Release Pending" state.

            Anping Li added a comment - Verified and pass https://polarion.engineering.redhat.com/polarion/#/project/OSE/testrun?id=20220719-1036

            Anping Li added a comment (edited) - landerso@redhat.com Tips, a bug had been filed to provide some common steps to deploy STS roles manually: https://bugzilla.redhat.com/show_bug.cgi?id=2098081

            Jeffrey Cantrill added a comment - anli@redhat.com moved this epic to "dev complete" as I believe we have resolved our fluentd impl. Vector is being taken up as part of vector GA

            Jeffrey Cantrill added a comment - Pushed to 5.5 given FF is today and we will not be completing this work

            Jeffrey Cantrill added a comment - landerso@redhat.com Please create or link any document task as needed

              jcantril@redhat.com Jeffrey Cantrill
              Anping Li