-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.18, 4.19
Description of problem:
`sts:AssumeRole` is required by creating Shared-VPC [1], otherwise which will cause the error:
level=fatal msg=failed to fetch Cluster Infrastructure Variables: failed to fetch dependency of "Cluster Infrastructure Variables": failed to generate asset "Platform Provisioning Check": aws.hostedZone: Invalid value: "Z01991651G3UXC4ZFDNDU": unable to retrieve hosted zone: could not get hosted zone: Z01991651G3UXC4ZFDNDU: AccessDenied: User: arn:aws:iam::301721915996:user/ci-op-1c2w7jv2-ef4fe-minimal-perm-installer is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::641733028092:role/ci-op-1c2w7jv2-ef4fe-shared-role
level=fatal msg= status code: 403, request id: ab7160fa-ade9-4afe-aacd-782495dc9978
Installer exit with code 1
[1]https://docs.openshift.com/container-platform/4.17/installing/installing_aws/installing-aws-account.html
Version-Release number of selected component (if applicable):
4.18.0-0.nightly-2024-12-03-174639
How reproducible:
Always
Steps to Reproduce:
1. Create install-config for Shared-VPC cluster
2. Run openshift-install create permissions-policy
3. Create cluster by using the above installer-required policy.
Actual results:
See description
Expected results:
sts:AssumeRole is included in the policy file when Shared VPC is configured.
Additional info:
The configuration of Shared-VPC is like:
platform:
aws:
hostedZone:
hostedZoneRole:
- blocks
-
-
- Verified
-
- is cloned by
-
-
- Verified
-
- links to