Commit 21c59cb

OSDOCS-10525
1 parent f9c8b1f commit 21c59cb

1 file changed

+21
-21
lines changed

rosa_architecture/rosa-understanding.adoc

Lines changed: 21 additions & 21 deletions
@@ -5,48 +5,48 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
55
:context: rosa-understanding
66
toc::[]
77

8-
Learn about {product-title} (ROSA), interacting with ROSA using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services.
8+
Learn about {product-title} (ROSA), interacting with ROSA by using {cluster-manager-first} and command line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services.
99

1010
[id="rosa-understanding-about_{context}"]
1111
== About ROSA
1212

13-
ROSA is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red Hat site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers.
13+
ROSA is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red{nbsp}Hat site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with Amazon CloudWatch, AWS Identity and Access Management (IAM), Amazon Virtual Private Cloud (VPC), and a wide range of additional AWS services to further accelerate the building and delivering of differentiating experiences to your customers.
1414

15-
You subscribe to the service directly from your AWS account. After the clusters are created, you can operate your clusters with the OpenShift web console or through {cluster-manager-first}. The ROSA service also uses OpenShift APIs and command-line interface (CLI) tools. These tools provide a standardized OpenShift experience to use your existing skills and tools knowledge.
15+
You subscribe to the service directly from your AWS account. After you create clusters, you can operate your clusters with the OpenShift web console, the ROSA CLI, or through {cluster-manager-first}.
1616

1717
You receive OpenShift updates with new feature releases and a shared, common source for alignment with OpenShift Container Platform. ROSA supports the same versions of OpenShift as Red Hat OpenShift Dedicated and OpenShift Container Platform to achieve version consistency.
1818

1919
image::291_OpenShift_on_AWS_Intro_1122_docs.png[{product-title}]
20-
For additional information on ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat OpenShift Service on AWS (ROSA) interactive walkthrough].
20+
For additional information about ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat OpenShift Service on AWS (ROSA) interactive walkthrough].
2121

22-
[id="rosa-understanding-credential-modes_{context}"]
23-
== Credential modes
22+
//[id="rosa-understanding-credential-modes_{context}"]
23+
//== Credential modes
2424

25-
include::snippets/rosa-sts.adoc[]
25+
//include::snippets/rosa-sts.adoc[]
2626

27-
There are two supported credential modes for ROSA clusters. One uses the AWS Security Token Service (STS), which is recommended, and the other uses Identity Access Management (IAM) roles.
27+
//There are two supported credential modes for ROSA clusters. One uses the AWS Security Token Service (STS), which is recommended, and the other uses Identity Access Management (IAM) roles.
2828

29-
[id="rosa-understanding-aws-sts_{context}"]
30-
=== ROSA with STS
29+
//[id="rosa-understanding-aws-sts_{context}"]
30+
//=== ROSA with STS
3131

32-
AWS STS is a global web service that provides short-term credentials for IAM or federated users. ROSA with STS is the recommended credential mode for ROSA clusters. You can use AWS STS with ROSA to allocate temporary, limited-privilege credentials for component-specific IAM roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices.
32+
//AWS STS is a global web service that provides short-term credentials for IAM or federated users. ROSA with STS is the recommended credential mode for ROSA clusters. You can use AWS STS with ROSA to allocate temporary, limited-privilege credentials for component-specific IAM roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices.
3333

34-
You can use the ROSA CLI (`rosa`) to create the IAM role, policy, and identity provider resources that are required for ROSA clusters that use STS.
34+
//You can use the ROSA CLI (`rosa`) to create the IAM role, policy, and identity provider resources that are required for ROSA clusters that use STS.
3535

36-
AWS STS aligns with principles of least privilege and secure practices in cloud service resource management. The ROSA CLI manages the STS credentials that are assigned for unique tasks and takes action upon AWS resources as part of OpenShift functionality. One limitation of using STS is that roles must be created for each ROSA cluster.
36+
//AWS STS aligns with principles of least privilege and secure practices in cloud service resource management. The ROSA CLI manages the STS credentials that are assigned for unique tasks and takes action upon AWS resources as part of OpenShift functionality. One limitation of using STS is that roles must be created for each ROSA cluster.
3737

38-
The STS credential mode is more secure because:
38+
//The STS credential mode is more secure because:
3939

40-
- It supports an explicit and limited set of roles and policies that you create ahead of time, and tracks every permission asked for and every role used.
41-
- The service is limited to the set permissions.
42-
- When the service is run, it obtains credentials that expire in one hour, so there is no need to rotate or revoke credentials. The expiration also reduces the risks of credentials leaking and being reused.
40+
//- It supports an explicit and limited set of roles and policies that you create ahead of time, and tracks every permission asked for and every role used.
41+
//- The service is limited to the set permissions.
42+
//- When the service is run, it obtains credentials that expire in one hour, so there is no need to rotate or revoke credentials. The expiration also reduces the risks of credentials leaking and being reused.
4343

44-
A listing of the account-wide and per-cluster roles is provided in xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for ROSA clusters that use STS].
44+
//A listing of the account-wide and per-cluster roles is provided in xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for ROSA clusters that use STS].
4545

46-
[id="rosa-understanding-aws-without-sts_{context}"]
47-
=== ROSA without STS
46+
//[id="rosa-understanding-aws-without-sts_{context}"]
47+
//=== ROSA without STS
4848

49-
This mode makes use of a pre-created IAM user with `AdministratorAccess` within the account that has proper permissions to create other roles and resources as needed. Using this account the service creates all the necessary resources that are needed for the cluster.
49+
//This mode makes use of a pre-created IAM user with `AdministratorAccess` within the account that has proper permissions to create other roles and resources as needed. Using this account the service creates all the necessary resources that are needed for the cluster.
5050

5151
[id="rosa-understanding-billing-pricing_{context}"]
5252
== Billing and pricing
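
Review bot: The three section IDs commented out at new lines 22, 29 and 46 (`rosa-understanding-credential-modes_{context}`, `rosa-understanding-aws-sts_{context}`, `rosa-understanding-aws-without-sts_{context}`) stop being valid anchors, and this commit touches only this one file, so please check for inbound xrefs to them before merging. Prefixing the whole Credential modes section with `//` rather than deleting it leaves dead text in the source, and the commit message carries only the ticket ID; if the content has moved, delete it here and name the new location, otherwise note when it is expected to return. With the section disabled, the visible part of the page no longer says that STS is the recommended mode or that the non-STS mode relies on an IAM user with `AdministratorAccess`, so consider keeping a one-sentence pointer to the "About IAM resources for ROSA clusters that use STS" page. Minor style point at new line 15: "with the OpenShift web console, the ROSA CLI, or through {cluster-manager-first}" mixes prepositions across the list; "with the OpenShift web console, the ROSA CLI, or {cluster-manager-first}" reads cleaner.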
