Hide Forgot
Description of problem: The OpenShift configuration for AWS requires for long term access tokens to be configured. Using long-term access tokens has a big drawback, because they don't time out, and might be abused.This will require us to re-new such access tokens. Using access tokens should be considered an insecure approach, because of the long validity of a token. We would like OpenShift to work with AWS instances roles. OpenShift should use the AWS API to obtain and renew a short term access tokens, given that a node has a role that grants this. To prevent abuse of AWS access tokens. Version-Release number of selected component (if applicable): OpenShift Container Platform 3.3 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
*** Bug 1388939 has been marked as a duplicate of this bug. ***
Isn't this something storage people should be involved with ?
Bradely, maybe you inderstand better than us what's the ask here.
Does this AWS documentation help to clarify what this is about? https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
This bug has been identified as a dated (created more than 3 months ago) bug. This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog, however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year. As a result of this bugs age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Differed, as it is currently not part of the products immediate priorities. Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.