Description of problem:
Our IAM root user has a permission boundary set. This means every IAM user created by that root user has to have the permission boundary set.
We experienced a failure in the installation of OpenShift 4 on AWS because the user object to be created fails to pull the permission boundary of the provided user that is used to do the installation.
Version-Release number of selected component (if applicable):
Create an AWS user with a permission boundary that only allows the user to create a user if the permission boundary is set.
Steps to Reproduce:
Docs for QE on this AWS functionality: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
What info do you need?
@Florin Peter, I've created a new user in AWS, and in order to test it I need to know what policy should be attached and what boundary permissions should be set for this user. After that I am going to create a new cluster using the credentials of this user.
Our AWS account is managed by another department, but I will try to get you something that may help you to test this.
We already tested 4.2.0-0.nightly-2019-08-27-072819 and I can confirm that the permission boundary is working correctly.
Oh, that is great. Anyway, if it is not too difficult, please try to get the info about the configuration of the AWS account ). It will help us to clearly understand your scenarios and test them in the best way.
Verified on 4.2.0-0.nightly-2019-09-04-142146
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
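The scenario from the problem description, as an added example that is not part of the original bug thread or the installer's code: a simplified Python model of an identity policy that allows `iam:CreateUser` only when the request carries the required boundary through the `iam:PermissionsBoundary` condition key. The account ID, policy ARN, user names and the `is_allowed` and `create_user_request` helpers are assumptions for illustration, and the evaluator handles only `Allow` statements with `StringEquals`.

```python
# Added illustration: simplified model of IAM policy evaluation.
# The account ID, policy name and user names are constructed placeholders.

BOUNDARY_ARN = "arn:aws:iam::111122223333:policy/ExampleBoundary"  # constructed

# Identity policy of the installing user: creating a user is allowed only
# when the request attaches the required permissions boundary.
INSTALLER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "CreateUserOnlyWithBoundary",
        "Effect": "Allow",
        "Action": ["iam:CreateUser"],
        "Resource": "*",
        "Condition": {
            "StringEquals": {"iam:PermissionsBoundary": BOUNDARY_ARN}
        },
    }],
}


def is_allowed(policy, action, context):
    """Return True if an Allow statement matches the action and every
    StringEquals condition; anything else is an implicit deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if action not in actions:
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        # A condition key missing from the request never matches StringEquals.
        if all(context.get(key) == value for key, value in wanted.items()):
            return True
    return False


def create_user_request(user_name, boundary=None):
    """Build a constructed request context for iam:CreateUser."""
    context = {"UserName": user_name}
    if boundary is not None:
        context["iam:PermissionsBoundary"] = boundary
    return context
```

A request built without `boundary` is denied by this policy, which is the shape of the failure reported here; passing `BOUNDARY_ARN` is what lets the same call through.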