s3:GetBucketReplication is not a valid IAM action. The correct action is s3:GetReplicationConfiguration which is also included. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html Since the installer attempts to verify that it has all of the permissions that it thinks it needs, it fails when it checks for this permission and aborts the install. This means that we must include the invalid permission in our IAM policy and ignore the warnings that this generates in order to run the cluster install.
verified. PASS OCP Version: 4.10.0-0.nightly-2021-11-15-034648 1. Checked IAM permissions on AWS, s3:GetBucketReplication permission does not exits. 2. Trying to install OCP, no warning or error/fatal messages: level=info msg=Credentials loaded from the "default" profile in file "/home/cloud-user/.aws/credentials" level=info msg=Consuming Install Config from target directory level=info msg=Creating infrastructure resources...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056