Learn about {product-title} (ROSA), interacting with ROSA using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services.
8
+
Learn about {product-title} (ROSA), interacting with ROSA by using {cluster-manager-first} and commandline interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services.
9
9
10
10
[id="rosa-understanding-about_{context}"]
11
11
== About ROSA
12
12
13
-
ROSA is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. RedHat site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers.
13
+
ROSA is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red{nbsp}Hat site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with Amazon CloudWatch, AWS Identity and Access Management (IAM), Amazon Virtual Private Cloud (VPC), and a wide range of additional AWS services to further accelerate the building and delivering of differentiating experiences to your customers.
14
14
15
-
You subscribe to the service directly from your AWS account. After the clusters are created, you can operate your clusters with the OpenShift web consoleor through {cluster-manager-first}. The ROSA service also uses OpenShift APIs and command-line interface (CLI) tools. These tools provide a standardized OpenShift experience to use your existing skills and tools knowledge.
15
+
You subscribe to the service directly from your AWS account. After you create clusters, you can operate your clusters with the OpenShift web console, the ROSA CLI, or through {cluster-manager-first}.
16
16
17
17
You receive OpenShift updates with new feature releases and a shared, common source for alignment with OpenShift Container Platform. ROSA supports the same versions of OpenShift as Red Hat OpenShift Dedicated and OpenShift Container Platform to achieve version consistency.
For additional information on ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat OpenShift Service on AWS (ROSA) interactive walkthrough].
20
+
For additional information about ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat OpenShift Service on AWS (ROSA) interactive walkthrough].
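Review bot: The added line 8 turns "command-line interface (CLI)" into "commandline interface (CLI)", which drops the hyphenated spelling the removed line used; keep "command-line". In the added line 13, "fully-managed" is carried over unchanged and could lose the hyphen while the sentence is being edited. The rewritten line 15 also drops the sentence stating that the service uses OpenShift APIs and CLI tools, so confirm that removal is intended and not a side effect of shortening the paragraph.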
There are two supported credential modes for ROSA clusters. One uses the AWS Security Token Service (STS), which is recommended, and the other uses Identity Access Management (IAM) roles.
27
+
//There are two supported credential modes for ROSA clusters. One uses the AWS Security Token Service (STS), which is recommended, and the other uses Identity Access Management (IAM) roles.
28
28
29
-
[id="rosa-understanding-aws-sts_{context}"]
30
-
=== ROSA with STS
29
+
//[id="rosa-understanding-aws-sts_{context}"]
30
+
//=== ROSA with STS
31
31
32
-
AWS STS is a global web service that provides short-term credentials for IAM or federated users. ROSA with STS is the recommended credential mode for ROSA clusters. You can use AWS STS with ROSA to allocate temporary, limited-privilege credentials for component-specific IAM roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices.
32
+
//AWS STS is a global web service that provides short-term credentials for IAM or federated users. ROSA with STS is the recommended credential mode for ROSA clusters. You can use AWS STS with ROSA to allocate temporary, limited-privilege credentials for component-specific IAM roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices.
33
33
34
-
You can use the ROSA CLI (`rosa`) to create the IAM role, policy, and identity provider resources that are required for ROSA clusters that use STS.
34
+
//You can use the ROSA CLI (`rosa`) to create the IAM role, policy, and identity provider resources that are required for ROSA clusters that use STS.
35
35
36
-
AWS STS aligns with principles of least privilege and secure practices in cloud service resource management. The ROSA CLI manages the STS credentials that are assigned for unique tasks and takes action upon AWS resources as part of OpenShift functionality. One limitation of using STS is that roles must be created for each ROSA cluster.
36
+
//AWS STS aligns with principles of least privilege and secure practices in cloud service resource management. The ROSA CLI manages the STS credentials that are assigned for unique tasks and takes action upon AWS resources as part of OpenShift functionality. One limitation of using STS is that roles must be created for each ROSA cluster.
37
37
38
-
The STS credential mode is more secure because:
38
+
//The STS credential mode is more secure because:
39
39
40
-
- It supports an explicit and limited set of roles and policies that you create ahead of time, and tracks every permission asked for and every role used.
41
-
- The service is limited to the set permissions.
42
-
- When the service is run, it obtains credentials that expire in one hour, so there is no need to rotate or revoke credentials. The expiration also reduces the risks of credentials leaking and being reused.
40
+
//- It supports an explicit and limited set of roles and policies that you create ahead of time, and tracks every permission asked for and every role used.
41
+
//- The service is limited to the set permissions.
42
+
//- When the service is run, it obtains credentials that expire in one hour, so there is no need to rotate or revoke credentials. The expiration also reduces the risks of credentials leaking and being reused.
43
43
44
-
A listing of the account-wide and per-cluster roles is provided in xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for ROSA clusters that use STS].
44
+
//A listing of the account-wide and per-cluster roles is provided in xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for ROSA clusters that use STS].
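Review bot: Commenting out `[id="rosa-understanding-aws-sts_{context}"]` at new line 29 removes the anchor along with the "ROSA with STS" heading, so any xref that targets this ID elsewhere in the docs will stop resolving; search for inbound references before merging. The whole section (new lines 27 to 44) is disabled with a `//` prefix on every line, which leaves about a dozen lines of dead text in the module. If the content is moving, delete it here and point to the new location in the commit message; if it is only hidden temporarily, use a single AsciiDoc comment block delimited by `////` with a short note on why. This section is also the only visible place that states STS is the recommended credential mode and that its credentials expire in one hour, so the commit should say where readers will find that guidance now.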
This mode makes use of a pre-created IAM user with `AdministratorAccess` within the account that has proper permissions to create other roles and resources as needed. Using this account the service creates all the necessary resources that are needed for the cluster.
49
+
//This mode makes use of a pre-created IAM user with `AdministratorAccess` within the account that has proper permissions to create other roles and resources as needed. Using this account the service creates all the necessary resources that are needed for the cluster.
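Review bot: The paragraph commented out at new line 49 is the body text for the non-STS mode, and its section heading and ID are not among the visible lines; if they stay active, the rendered page will show a heading with no content under it. Comment out or remove the heading and ID together with this paragraph. This sentence is also the only visible statement that the mode depends on a pre-created IAM user with `AdministratorAccess`, so make sure that requirement is documented wherever the mode is still described.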