Bug 1467508 - [DOCS] AWS configuration does not describe how to use IAM Roles
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Gaurav Nelson
QA Contact: Chao Yang
Vikram Goyal
URL:
Whiteboard:
Depends On: 1462823
Blocks:
 
Reported: 2017-07-04 05:53 UTC by Gaurav Nelson
Modified: 2020-12-14 09:01 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1462823
Environment:
Last Closed: 2017-08-04 13:53:17 UTC
Target Upstream Version:
Embargoed:



Comment 2 Ryan Cook 2017-07-24 21:01:23 UTC
IAM roles must be assigned to instances at launch time

Refer to http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html, specifically "To launch an instance with an IAM role using the console" or "To launch an instance with an IAM role using the AWS CLI".

Comment 3 Gaurav Nelson 2017-07-31 03:17:01 UTC
There are no changes needed in docs other than what's already done in Bug #1462823

Comment 4 Steven Walter 2017-08-02 15:48:25 UTC
I don't understand why this is closed. The questions are not answered in the docs or here.

2. Can we be more precise in granting privileges? The ec2:* in the example you give may be a problem. If I need to set aws as the cloud provider but all I need is to dynamically assign Elastic Block Storage for persistent volumes, can I change ec2:* to a smaller list of permissions?

We still have no indication in the docs as to what permissions are required by the role used -- in instances where the user wants to lock it down.

Comment 5 Steven Walter 2017-08-02 15:50:02 UTC
To clarify, this isn't about launching instances at all, this is about EBS volumes. That's why this bug was forked.

Comment 6 Gaurav Nelson 2017-08-04 00:46:14 UTC
Hello Steven, we are working on getting those done as part of https://bugzilla.redhat.com/show_bug.cgi?id=1452816, which is documenting permissions for all cloud providers.

