Bug 1981550

Summary: AWS Elastic IP permissions are incorrectly required
Product: OpenShift Container Platform
Reporter: Patrick Dillon <padillon>
Component: Installer
Assignee: aos-install
Installer sub component: openshift-installer
QA Contact: Yunfei Jiang <yunjiang>
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Version: 4.9
Target Release: 4.9.0
Hardware: Unspecified
OS: Unspecified
Last Closed: 2021-10-18 17:38:52 UTC
Bug Blocks: 1981548

Comment 3 Yunfei Jiang 2021-07-14 03:13:45 UTC
verified, PASS.

OCP version: 4.9.0-0.nightly-2021-07-12-203753

steps: 
> create an IAM user with the following policy, and set it as the default user for the installer
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Deny",
            "Action": [
                "ec2:AllocateAddress",
                "ec2:AssociateAddress",
                "ec2:ReleaseAddress"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

> install private cluster publish: Internal into an existing VPC (SUCCEEDED, PASS), destroy cluster (SUCCEEDED, PASS)
> install a public cluster publish: External, did not provide existing subnets. (FAILED as expected, PASS)
> install a public cluster publish: External into an existing VPC (SUCCEEDED, PASS), destroy cluster (SUCCEEDED, PASS)

more detailed info:
https://github.com/openshift/installer/pull/5045#issuecomment-872647747
https://github.com/openshift/installer/pull/5055#issuecomment-874549887
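
The policy in the verification steps above relies on an explicit Deny taking precedence over the blanket Allow. The following is an added example, not part of the comment or of the installer: a simplified evaluator (the helper names are hypothetical, and it handles only Action and Resource, with no NotAction, Condition, SCPs or permission boundaries) run against that policy.

```python
import json
import re

# Policy from the verification steps above (same statements, compacted).
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Deny", "Resource": "*",
     "Action": ["ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:ReleaseAddress"]},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}""")


def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def evaluate(policy, action, resource="*"):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request.

    Action names are matched case-insensitively. The default resource "*"
    is a stand-in for a real ARN (assumption for this example).
    """
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"  # a matching Deny overrides every Allow
        allowed = True
    return "allow" if allowed else "implicit-deny"


if __name__ == "__main__":
    for act in ("ec2:AllocateAddress", "ec2:AssociateAddress",
                "ec2:ReleaseAddress", "ec2:RunInstances"):
        print(f"{act:24} {evaluate(POLICY, act)}")
```

With this policy the three Elastic IP actions are refused while every other action stays allowed, so an install that succeeds under it made no successful Elastic IP allocate, associate or release call.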

Comment 6 errata-xmlrpc 2021-10-18 17:38:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759