Story

As a developer of cluster logging,
I want to enable the logging add-on to be capable of configuring CLF to use an STS role
so that customers can rely upon features of STS and not static AWS credentials

Acceptance Criteria

AWS Cloudwatch receives cluster logs using STS configured cluster log forwarder
Add-on user configures add-on to use an AWS role through the add-on interface

Assumptions

Assumes an administrator configured the cluster for STS
TBD Assumes an administrator configured an STS logging role (maybe the add-on can do this?)

Notes

STS enabled OCP clusters allow users to rely upon AWS roles for authentication instead of AWS credential keys. STS enabled clusters periodically rotate credentials allowing properly configured components to no longer depend upon static keys and subsequently improving the security posture.

is blocked by

LOG-1069 Modify cluster logging add-on to simplify the maintenance burden

Closed

LOG-1976 Enable STS Cloudwatch Role

Closed

is related to

LOG-1069 Modify cluster logging add-on to simplify the maintenance burden

Closed

links to

Add-on meeting notes

mentioned on

Merge request - Draft: clo: Add credentials requests to support STS

Assignee:: Unassigned

Reporter:: Jeffrey Cantrill

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/03/25 1:47 PM

Updated:: 2022/08/08 7:17 PM

Resolved:: 2022/08/08 7:17 PM

Details

Description

Story

Acceptance Criteria

Assumptions

Notes

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates