RFE-6956 (OpenShift Request For Enhancement)

Enable session tag controls for ROSA HCP cluster deletion

      1. Proposed title of this feature request

      Enable session tag controls for ROSA HCP cluster deletion

       

      2. What is the nature and description of the request?

      Since deploying a ROSA HCP cluster into a BYO-VPC is supported [1] and a customer may deploy additional services sharing the same VPC, the customer is seeking the ability to control which account can delete cluster resources.

      The customer seeks to use session tags [2] for the assume role to include the AWS account id and updated policies (trust / permission) to validate the session tags during a delete operation.

       

      3. Why does the customer need this? (List the business requirements here)

      Resources in a BYO-VPC may be managed by different teams within the customer's organization and the customer seeks to control actions on cluster resources by teams that should not be able to impact them.

      For example, the customer's core networking account may require access permissions to delete certain network-related resources within the VPC (VPC endpoint / security groups) but this team should not have access to delete resources related to the ROSA HCP cluster, which is the responsibility of the customer's cluster account.

       

      Customer provided IAM policy example is included.

       

      4. Customer Information

      Account name: Australia and New Zealand Banking Group Limited

      Account Number: 1481327

      TAM customer: yes

      Strategic: yes

       

      [1] KCS 6980058  
      [2] Pass session tags in AWS STS
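
The session-tag check described in section 2, sketched as an added example; it is not the customer's attached policy and not Red Hat or ROSA code. The tag key, account IDs, role name and action list are placeholders, and the small evaluator models only `StringEquals` with implicit deny, not full IAM evaluation.

```python
# Added illustration. TAG, the account IDs, EXAMPLE-caller and the action list
# are assumptions; only StringEquals and implicit deny are modelled.
TAG = "owner-account"
CLUSTER, NETWORK = "111122223333", "444455556666"  # placeholder account IDs

def trust_stmt(account):
    # A caller may assume the role only if it tags the session with its own account ID.
    return {"Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account}:role/EXAMPLE-caller"},
            "Action": ["sts:AssumeRole", "sts:TagSession"],
            "Condition": {"StringEquals": {f"aws:RequestTag/{TAG}": account}}}

TRUST_POLICY = {"Version": "2012-10-17",
                "Statement": [trust_stmt(CLUSTER), trust_stmt(NETWORK)]}

# Deletes are allowed only for sessions whose tag names the cluster account.
PERMISSION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DeleteVpcEndpoints", "ec2:DeleteSecurityGroup"],
    "Resource": "*",
    "Condition": {"StringEquals": {f"aws:PrincipalTag/{TAG}": CLUSTER}}}]}

def holds(stmt, ctx):
    # A missing context key fails StringEquals, so an untagged session never matches.
    return all(ctx.get(k) == v
               for k, v in stmt["Condition"]["StringEquals"].items())

def assume_role(caller_account, tags):
    """Return the session tags if the trust policy admits the call, else None."""
    arn = f"arn:aws:iam::{caller_account}:role/EXAMPLE-caller"
    ctx = {f"aws:RequestTag/{k}": v for k, v in tags.items()}
    for stmt in TRUST_POLICY["Statement"]:
        if stmt["Principal"]["AWS"] == arn and holds(stmt, ctx):
            return dict(tags)
    return None

def can_delete(session_tags, action):
    """Session tags act as principal tags for the lifetime of the session."""
    if session_tags is None:
        return False
    ctx = {f"aws:PrincipalTag/{k}": v for k, v in session_tags.items()}
    return any(action in s["Action"] and holds(s, ctx)
               for s in PERMISSION_POLICY["Statement"])
```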

              azaalouk Adel Zaalouk
              rhn-support-dumilbur Duncan Milburn