Bug 1467508 - [DOCS] AWS configuration does not describe how to use IAM Roles
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Severity: unspecified
Assigned To: Gaurav Nelson
Vikram Goyal
: Reopened
Depends On: 1462823
Reported: 2017-07-04 01:53 EDT by Gaurav Nelson
Modified: 2017-08-04 09:53 EDT
Clone Of: 1462823
Last Closed: 2017-08-04 09:53:17 EDT
Type: Bug
Comment 2 Ryan Cook 2017-07-24 17:01:23 EDT
IAM roles must be assigned to instances at launch time

Refer to http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html, specifically "To launch an instance with an IAM role using the console" or "To launch an instance with an IAM role using the AWS CLI".
Comment 3 Gaurav Nelson 2017-07-30 23:17:01 EDT
There are no changes needed in docs other than what's already done in Bug #1462823
Comment 4 Steven Walter 2017-08-02 11:48:25 EDT
I don't understand why this is closed. The questions are not answered in the docs or here.

2. Can we be more precise in granting privileges. The ec2:* in the example you give may be a problem. If I need to set aws as the cloud provider but all I need is to dynamically assign Elastic Block Storage for persistent volumes, can I change ec2:* to a smaller list of permissions?

We still have no indication in the docs as to what permissions are required by the role used -- in instances where the user wants to lock it down.
Comment 5 Steven Walter 2017-08-02 11:50:02 EDT
To clarify, this isn't about launching instances at all, this is about EBS volumes. That's why this bug was forked.
Comment 6 Gaurav Nelson 2017-08-03 20:46:14 EDT
Hello Steven, we are working on getting those done as part of https://bugzilla.redhat.com/show_bug.cgi?id=1452816, which is documenting permissions for all cloud providers.
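
Added example (not part of the bug thread or the OpenShift documentation): a Python check that flags IAM policy statements carrying the service-wide `ec2:*` grant questioned in comment 4. The sample policy is constructed, `find_broad_grants` is a hypothetical helper name, and the narrowed action list is illustrative only, not the set of permissions OpenShift requires.

```python
import json

# Constructed sample policy (not from the OpenShift docs). "Broad" mirrors the
# ec2:* grant questioned in comment 4; "Narrow" is a hypothetical reduced grant
# and is NOT a statement of what the AWS cloud provider integration needs.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Broad", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Sid": "Narrow", "Effect": "Allow",
     "Action": ["ec2:AttachVolume", "ec2:DetachVolume"], "Resource": "*"},
    {"Sid": "Guard", "Effect": "Deny",
     "Action": "ec2:TerminateInstances", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_broad_grants(policy, service="ec2"):
    """Return (sid, reason) for each Allow statement with a service-wide grant."""
    wide = ("*", f"{service}:*")
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only ever reduce privileges
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action")):
            # IAM action names are matched case-insensitively
            if action.lower() in wide:
                findings.append((sid, f"Action {action!r} allows every {service} action"))
        # Allow + NotAction grants everything except the listed actions
        if "NotAction" in stmt:
            excluded = [a.lower() for a in _as_list(stmt["NotAction"])]
            if not any(e in wide for e in excluded):
                findings.append((sid, f"NotAction leaves {service} actions allowed"))
    return findings


if __name__ == "__main__":
    for sid, reason in find_broad_grants(SAMPLE_POLICY):
        print(f"{sid}: {reason}")
```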