Bug
Resolution: Unresolved
Critical
4.13.z, 4.14.0
Quality / Stability / Reliability
Description of problem:
`sts:AssumeRole` is missing in Required AWS permissions for the IAM user [1], but it's required by Shared-VPC install which is available in 4.13.9

[1] https://docs.openshift.com/container-platform/4.13/installing/installing_aws/installing-aws-account.html#installation-aws-permissions_installing-aws-account
Version-Release number of selected component (if applicable):
4.13.9, 4.14
How reproducible:
always
Steps to Reproduce:
1. Create a shared VPC cluster in Passthrough mode with permissions in https://docs.openshift.com/container-platform/4.13/installing/installing_aws/installing-aws-account.html#installation-aws-permissions_installing-aws-account
Actual results:
level=fatal msg="failed to fetch Terraform Variables: failed to fetch dependency of \"Terraform Variables\": failed to generate asset \"Platform Provisioning Check\": aws.hostedZone: Invalid value: \"Z04651373TTGIDDUZH88Q\": unable to retrieve hosted zone: could not get hosted zone: Z04651373TTGIDDUZH88Q: AccessDenied: User: arn:aws:iam::301721915996:user/yunjiang-mini-minimal-perm is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::641733028092:role/yunjiang-mini2-rol1\n\tstatus code: 403, request id: 88c4fc48-bb7b-4936-8e5c-2190d2a7f250"
Expected results:
install succeeded
Additional info:
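
An offline pre-flight check for the gap reported above, added here as an example (it is not part of the bug report, the installer, or the documentation): it evaluates an identity policy document for `sts:AssumeRole` on the shared-VPC role before an install is attempted. The policies, account ID and role ARN are constructed placeholders; `Condition`, `NotAction`/`NotResource`, permission boundaries, SCPs and the role's trust policy are not evaluated.

```python
import re

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(v):
    # Action and Resource may each be a single string or a list of strings.
    return v if isinstance(v, list) else [v]

def allows(policy, action, resource):
    """True if some Allow statement matches and no Deny statement matches."""
    allowed = False
    for st in _as_list(policy.get("Statement", [])):
        if "Action" not in st or "Resource" not in st:
            continue  # NotAction / NotResource statements are out of scope here
        hit = (any(_match(a, action, True) for a in _as_list(st["Action"]))
               and any(_match(r, resource) for r in _as_list(st["Resource"])))
        if hit and st.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and st.get("Effect") == "Allow")
    return allowed

# Constructed placeholder: role in the account that owns the shared VPC / hosted zone.
ROLE = "arn:aws:iam::111122223333:role/shared-vpc-role"

# Constructed policy without sts:AssumeRole, the situation the report describes.
BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "route53:*", "iam:PassRole"],
     "Resource": "*"},
]}

# Same policy plus sts:AssumeRole, scoped to the one role instead of "*".
AFTER = {"Version": "2012-10-17", "Statement": BEFORE["Statement"] + [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE},
]}

if __name__ == "__main__":
    for name, pol in (("before", BEFORE), ("after", AFTER)):
        print(name, "allows sts:AssumeRole:", allows(pol, "sts:AssumeRole", ROLE))
```

Scoping `Resource` to the specific role ARN keeps the installer user from assuming any other role in the target account.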