openshift
diff --git a/‎_topic_maps/_topic_map.yml
Lines changed: 32 additions & 40 deletions b/‎_topic_maps/_topic_map.yml
Lines changed: 32 additions & 40 deletions
diff --git a/‎_unused_topics/manually-creating-iam.adoc
Lines changed: 43 additions & 0 deletions b/‎_unused_topics/manually-creating-iam.adoc
Lines changed: 43 additions & 0 deletions
diff --git a/‎authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc
Lines changed: 1 addition & 1 deletion b/‎authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc
Lines changed: 4 additions & 4 deletions b/‎authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc
Lines changed: 4 additions & 4 deletions
diff --git a/‎authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
Lines changed: 2 additions & 2 deletions b/‎authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
Lines changed: 2 additions & 2 deletions
diff --git a/‎contributing_to_docs/doc_guidelines.adoc
Lines changed: 1 addition & 1 deletion b/‎contributing_to_docs/doc_guidelines.adoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎installing/cluster-capabilities.adoc
Lines changed: 1 addition & 1 deletion b/‎installing/cluster-capabilities.adoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎installing/disconnected_install/installing-mirroring-installation-images.adoc
Lines changed: 1 addition & 1 deletion b/‎installing/disconnected_install/installing-mirroring-installation-images.adoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎installing/installing-fips.adoc
Lines changed: 1 addition & 1 deletion b/‎installing/installing-fips.adoc
Lines changed: 1 addition & 1 deletion
@@ -155,51 +155,43 @@ Topics:
   Dir: installing_aws
   Distros: openshift-origin,openshift-enterprise
   Topics:
-  - Name: Preparing to install
+  - Name: Preparing to install on AWS
     File: preparing-to-install-on-aws
   - Name: Configuring an AWS account
     File: installing-aws-account
-  - Name: Installer-provisioned infrastructure
-    Dir: ipi
-    Distros: openshift-origin,openshift-enterprise
-    Topics:
-    - Name: Installing a cluster
-      File: installing-aws-default
-    - Name: Installing a cluster with customizations
-      File: installing-aws-customizations
-    - Name: Installing a cluster with network customizations
-      File: installing-aws-network-customizations
-    - Name: Installing a cluster in a restricted network
-      File: installing-restricted-networks-aws-installer-provisioned
-    - Name: Installing a cluster into an existing VPC
-      File: installing-aws-vpc
-    - Name: Installing a private cluster
-      File: installing-aws-private
-    - Name: Installing a cluster into a government region
-      File: installing-aws-government-region
-    - Name: Installing a cluster into a Secret or Top Secret Region
-      File: installing-aws-secret-region
-    - Name: Installing a cluster into a China region
-      File: installing-aws-china
-    - Name: Installing a cluster with compute nodes on Local Zones
-      File: installing-aws-localzone
-    - Name: Installing a cluster with compute nodes on Wavelength Zones
-      File: installing-aws-wavelength-zone
-    - Name: Installing a cluster with compute nodes on Outposts
-      File: installing-aws-outposts
-  - Name: User-provisioned infrastructure
-    Dir: upi
-    Distros: openshift-origin,openshift-enterprise
-    Topics:
-    - Name: Installing a cluster using CloudFormation templates
-      File: installing-aws-user-infra
-    - Name: Installing a cluster in a restricted network with user-provisioned infrastructure
-      File: installing-restricted-networks-aws
-  - Name: Installing a three-node cluster
+  - Name: Installing a cluster quickly on AWS
+    File: installing-aws-default
+  - Name: Installing a cluster on AWS with customizations
+    File: installing-aws-customizations
+  - Name: Installing a cluster on AWS with network customizations
+    File: installing-aws-network-customizations
+  - Name: Installing a cluster on AWS in a restricted network
+    File: installing-restricted-networks-aws-installer-provisioned
+  - Name: Installing a cluster on AWS into an existing VPC
+    File: installing-aws-vpc
+  - Name: Installing a private cluster on AWS
+    File: installing-aws-private
+  - Name: Installing a cluster on AWS into a government region
+    File: installing-aws-government-region
+  - Name: Installing a cluster on AWS into a Secret or Top Secret Region
+    File: installing-aws-secret-region
+  - Name: Installing a cluster on AWS into a China region
+    File: installing-aws-china
+  - Name: Installing a cluster on AWS using CloudFormation templates
+    File: installing-aws-user-infra
+  - Name: Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
+    File: installing-restricted-networks-aws
+  - Name: Installing a cluster on AWS with compute nodes on AWS Local Zones
+    File: installing-aws-localzone
+  - Name: Installing a cluster on AWS with compute nodes on AWS Wavelength Zones
+    File: installing-aws-wavelength-zone
+  - Name: Installing a cluster on AWS with compute nodes on AWS Outposts
+    File: installing-aws-outposts
+  - Name: Installing a three-node cluster on AWS
     File: installing-aws-three-node
-  - Name: Uninstalling a cluster
+  - Name: Uninstalling a cluster on AWS
     File: uninstalling-cluster-aws
-  - Name: Installation configuration parameters
+  - Name: Installation configuration parameters for AWS
     File: installation-config-parameters-aws
 - Name: Installing on Azure
   Dir: installing_azure
 
@@ -0,0 +1,43 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="manually-creating-iam-aws"]
+= Manually creating IAM for AWS
+include::_attributes/common-attributes.adoc[]
+:context: manually-creating-iam-aws
+
+//TO-DO: this should be one file for AWS, Azure, and GCP with conditions for specifics.
+
+toc::[]
+
+In environments where the cloud identity and access management (IAM) APIs are not reachable, or the administrator prefers not to store an administrator-level credential secret in the cluster `kube-system` namespace, you can put the Cloud Credential Operator (CCO) into manual mode before you install the cluster.
+
+include::modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+// AWS only. Condition out if combining topic for AWS/Azure/GCP.
+* To learn how to use the CCO utility (`ccoctl`) to configure the CCO to use the AWS STS, see xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-mode-sts[Using manual mode with STS].
+
+// Not supported in Azure. Condition out if combining topic for AWS/Azure/GCP.
+* To learn how to rotate or remove the administrator-level credential secret after installing {product-title}, see xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-rotate-remove-cloud-creds[Rotating or removing cloud provider credentials].
+
+* For a detailed description of all available CCO credential modes and their supported platforms, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator].
+
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+
+include::modules/mint-mode.adoc[leveloffset=+1]
+
+include::modules/mint-mode-with-removal-of-admin-credential.adoc[leveloffset=+1]
+
+[id="manually-creating-iam-aws-next-steps"]
+== Next steps
+
+* Install an {product-title} cluster:
+** xref:../../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[Installing a cluster quickly on AWS] with default options on installer-provisioned infrastructure
+** xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Install a cluster with cloud customizations on installer-provisioned infrastructure]
+** xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[Install a cluster with network customizations on installer-provisioned infrastructure]
+** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Installing a cluster on user-provisioned infrastructure in AWS by using CloudFormation templates]
@@ -27,7 +27,7 @@ An AWS, global Azure, or GCP cluster that uses manual mode might be configured t
 == Additional resources
 
 * xref:../../installing/installing_alibaba/manually-creating-alibaba-ram.adoc#manually-creating-alibaba-ram[Manually creating RAM resources for Alibaba Cloud]
-* xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
 * xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials for Azure]
 * xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP]
 * xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}]
 
@@ -23,7 +23,7 @@ When using the CCO in passthrough mode, ensure that the credential you provide m
 === Amazon Web Services (AWS) permissions
 The credential you provide for passthrough mode in AWS must have all the requested permissions for all `CredentialsRequest` CRs that are required by the version of {product-title} you are running or installing.
 
-To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS].
+To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS].
 
 [id="passthrough-mode-permissions-azure"]
 === Microsoft Azure permissions
@@ -81,7 +81,7 @@ include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
 
 [id="passthrough-mode-maintenance"]
 == Passthrough mode credential maintenance
-If `CredentialsRequest` CRs change over time as the cluster is upgraded, you must manually update the passthrough mode credential to meet the requirements. To avoid credentials issues during an upgrade, check the `CredentialsRequest` CRs in the release image for the new version of {product-title} before upgrading. To locate the `CredentialsRequest` CRs that are required for your cloud provider, see _Manually creating long-term credentials_ for xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[AWS], xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Azure], or xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[GCP].
+If `CredentialsRequest` CRs change over time as the cluster is upgraded, you must manually update the passthrough mode credential to meet the requirements. To avoid credentials issues during an upgrade, check the `CredentialsRequest` CRs in the release image for the new version of {product-title} before upgrading. To locate the `CredentialsRequest` CRs that are required for your cloud provider, see _Manually creating long-term credentials_ for xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[AWS], xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Azure], or xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[GCP].
 
 //Rotating cloud provider credentials manually
 include::modules/manually-rotating-cloud-creds.adoc[leveloffset=+2]
@@ -96,11 +96,11 @@ When using passthrough mode, each component has the same permissions used by all
 
 After installation, you can reduce the permissions on your credential to only those that are required to run the cluster, as defined by the `CredentialsRequest` CRs in the release image for the version of {product-title} that you are using.
 
-To locate the `CredentialsRequest` CRs that are required for AWS, Azure, or GCP and learn how to change the permissions the CCO uses, see _Manually creating long-term credentials_ for xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[AWS], xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Azure], or xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[GCP].
+To locate the `CredentialsRequest` CRs that are required for AWS, Azure, or GCP and learn how to change the permissions the CCO uses, see _Manually creating long-term credentials_ for xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[AWS], xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Azure], or xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[GCP].
 
 [role="_additional-resources"]
 == Additional resources
 
-* xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
 * xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials for Azure]
 * xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP]
@@ -39,7 +39,7 @@ In manual mode with STS, the individual {product-title} cluster components use t
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials]
 
 //AWS Security Token Service authentication process
 include::modules/cco-short-term-creds-auth-flow-aws.adoc[leveloffset=+2]
@@ -104,7 +104,7 @@ include::modules/cco-short-term-creds-azure-olm.adoc[leveloffset=+2]
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../installing/installing_aws/ipi/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials]
 * xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-customizations[Configuring a GCP cluster to use short-term credentials]
 * xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-with-short-term-creds_installing-azure-customizations[Configuring a global Microsoft Azure cluster to use short-term credentials]
 * xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
@@ -141,7 +141,7 @@ Example:
 ----
 // Text snippet included in the following assemblies:
 //
-// * installing/installing_aws/ipi/installing-aws-default.adoc
+// * installing/installing_aws/installing-aws-default.adoc
 // * installing/installing_azure/installing-azure-default.adoc
 // * installing/installing_gcp/installing-gcp-default.adoc
 
 
@@ -19,7 +19,7 @@ include::snippets/capabilities-table.adoc[]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../installing/installing_aws/ipi/installing-aws-customizations.adoc#installing-aws-customizations[Installing a cluster on AWS with customizations]
+* xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Installing a cluster on AWS with customizations]
 * xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[Installing a cluster on GCP with customizations]
 
 include::modules/explanation-of-capabilities.adoc[leveloffset=+1]
 
@@ -145,7 +145,7 @@ include::modules/olm-mirroring-catalog-post.adoc[leveloffset=+2]
 
 * Install a cluster on infrastructure that you provision in your restricted network, such as on
 xref:../../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[VMware vSphere],
-xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal], or xref:../../installing/installing_aws/upi/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[Amazon Web Services].
+xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal], or xref:../../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[Amazon Web Services].
 
 [role="_additional-resources"]
 [id="restricted-networks-additional-resources"]
 
@@ -86,7 +86,7 @@ To install a cluster in FIPS mode, follow the instructions to install a customiz
 To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode].
 ====
 
-* xref:../installing/installing_aws/ipi/installing-aws-customizations.adoc#installing-aws-customizations[Amazon Web Services]
+* xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Amazon Web Services]
 * xref:../installing/installing_alibaba/installing-alibaba-customizations.adoc#installing-alibaba-customizations[Alibaba Cloud]
 * xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Microsoft Azure]
 * xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Bare metal]