Bug 1981550 - AWS Elastic IP permissions are incorrectly required
Summary: AWS Elastic IP permissions are incorrectly required
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: 4.9.0
Assignee: aos-install
QA Contact: Yunfei Jiang
URL:
Whiteboard:
Depends On:
Blocks: 1981548
 
Reported: 2021-07-12 19:11 UTC by Patrick Dillon
Modified: 2021-10-18 17:38 UTC (History)
CC List: 0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-18 17:38:52 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:38:54 UTC

Comment 3 Yunfei Jiang 2021-07-14 03:13:45 UTC
verified, PASS.

OCP version: 4.9.0-0.nightly-2021-07-12-203753

steps: 
> create an IAM user with the following policy, and set it as the default user for the installer
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Deny",
            "Action": [
                "ec2:AllocateAddress",
                "ec2:AssociateAddress",
                "ec2:ReleaseAddress"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

> install a private cluster publish: Internal into an existing VPC (SUCCEEDED, PASS), destroy cluster (SUCCEEDED, PASS)
> install a public cluster publish: External, did not provide existing subnets. (FAILED as expected, PASS)
> install a public cluster publish: External into an existing VPC (SUCCEEDED, PASS), destroy cluster (SUCCEEDED, PASS)

more detailed info:
https://github.com/openshift/installer/pull/5045#issuecomment-872647747
https://github.com/openshift/installer/pull/5055#issuecomment-874549887
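
Added example (not part of the original comment and not installer code): a simplified evaluator for the verification policy above, showing that the explicit Deny on the three Elastic IP actions takes precedence over the blanket Allow while every other call, including ec2:DescribeAddresses, stays permitted. Assumptions: only identity-policy Effect/Action/Resource are modelled (no Condition, NotAction, SCPs or permission boundaries), and the names `evaluate` and `audit` are hypothetical.

```python
import re

# Verification policy from Comment 3, reproduced as a Python dict.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Deny",
         "Action": ["ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:ReleaseAddress"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def evaluate(policy, action, resource="*"):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        # Action names are case-insensitive in IAM; resources are compared as-is here.
        action_hit = any(_glob(p, action, re.IGNORECASE) for p in _as_list(stmt["Action"]))
        resource_hit = any(_glob(p, resource) for p in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"  # a matching Deny wins regardless of statement order
        allowed = True
    return "allow" if allowed else "implicit-deny"

def audit(policy, actions):
    """Map each action name to its decision under the policy."""
    return {a: evaluate(policy, a) for a in actions}

if __name__ == "__main__":
    # Constructed sample: the three denied Elastic IP calls plus other EC2/ELB calls.
    sample = ["ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:ReleaseAddress",
              "ec2:DescribeAddresses", "ec2:RunInstances",
              "elasticloadbalancing:CreateLoadBalancer"]
    for name, decision in audit(POLICY, sample).items():
        print(f"{name:45} {decision}")
```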

Comment 6 errata-xmlrpc 2021-10-18 17:38:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759

