OSDOCS-15140: Updated HCP Install guide for migration

Author: EricPonvelle

modules/rosa-getting-started-deleting-a-cluster.adoc

@@ -5,7 +5,7 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-deleting-a-cluster_{context}"]
-= Deleting a ROSA cluster and the AWS STS resources
+= Deleting a ROSA cluster and the AWS IAM STS resources
 
 ifeval::["{context}" == "rosa-getting-started"]
 :getting-started:
@@ -15,15 +15,15 @@ ifeval::["{context}" == "rosa-quickstart"]
 endif::[]
 
 ifdef::openshift-rosa-hcp[]
-You can delete a ROSA cluster by using the {product-title} (ROSA) CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console.
+You can delete a ROSA cluster by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide and Operator policies, you can use the AWS IAM Console or the AWS CLI.
 endif::openshift-rosa-hcp[]
 ifndef::openshift-rosa-hcp[]
-You can delete a ROSA cluster that uses the AWS Security Token Service (STS) by using the {product-title} (ROSA) CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console.
+You can delete a ROSA cluster that uses the AWS Security Token Service (STS) by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console or the AWS CLI.
 endif::openshift-rosa-hcp[]
 
 [IMPORTANT]
 ====
-Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
+Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are **not** required by other clusters.
 ====
 
 ifdef::getting-started[]
@@ -45,10 +45,10 @@ $ rosa delete cluster --cluster=<cluster_name> --watch
 +
 [IMPORTANT]
 ====
-You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate.
+You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate with AWS APIs.
 ====
 
-.  Delete the OIDC provider that the cluster Operators use to authenticate:
+.  After the cluster is deleted, delete the OIDC provider that the cluster Operators use to authenticate:
 +
 [source,terminal]
 ----
@@ -73,27 +73,27 @@ $ rosa delete operator-roles -c <cluster_id> --mode auto <1>
 +
 [IMPORTANT]
 ====
-Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
+Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are **not** required by other clusters.
 ====
 +
 [source,terminal]
 ----
 $ rosa delete account-roles --prefix <prefix> --mode auto <1>
 ----
-<1> You must include the `--<prefix>` argument. Replace `<prefix>` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, `ManagedOpenShift`.
+<1> You must include the `--<prefix>` argument. Replace `<prefix>` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, depending on how they were created, `HCP-ROSA` or `ManagedOpenShift`.
 
 ifdef::openshift-rosa-hcp[]
-. Delete the account-wide inline and Operator IAM policies that you created for ROSA deployments:
+. Delete the account-wide and Operator IAM policies that you created for ROSA deployments:
 endif::openshift-rosa-hcp[]
 ifndef::openshift-rosa-hcp[]
-. Delete the account-wide inline and Operator IAM policies that you created for ROSA deployments that use STS:
+. Delete the account-wide and Operator IAM policies that you created for ROSA deployments that use STS:
 endif::openshift-rosa-hcp[]
 +
 .. Log in to the link:https://console.aws.amazon.com/iamv2/home#/home[AWS IAM Console].
 .. Navigate to *Access management* -> *Policies* and select the checkbox for one of the account-wide policies.
 .. With the policy selected, click on *Actions* -> *Delete* to open the delete policy dialog.
 .. Enter the policy name to confirm the deletion and select *Delete* to delete the policy.
-.. Repeat this step to delete each of the account-wide inline and Operator policies for the cluster.
+.. Repeat this step to delete each of the account-wide and Operator policies for the cluster.
 
 ifeval::["{context}" == "rosa-getting-started"]
 :getting-started:

modules/rosa-hcp-create-network.adoc

@@ -10,11 +10,11 @@ ifeval::["{context}" == "rosa-hcp-egress-zero-install"]
 endif::[]
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-create-network_{context}"]
-= Creating a Virtual Private Cloud using the ROSA CLI
+= Creating an AWS VPC using the ROSA CLI
 
-The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and the other networking components used to install a ROSA cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI.
+The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and associated networking components necessary to install a ROSA cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI.
 
-If you do not specify a template, CloudFormation uses a default template that creates the following parameters:
+If you do not specify a template, CloudFormation uses a default template that creates resources with the following parameters:
 
 [cols="2a,3a",options="header"]
 |===

modules/rosa-hcp-vpc-manual.adoc

@@ -8,9 +8,9 @@ endif::[]
 
 :_mod-docs-content-type: PREFERENCE
 [id="rosa-hcp-vpc-manual_{context}"]
-= Creating a Virtual Private Cloud manually
+= Creating an AWS Virtual Private Cloud manually
 
-If you choose to manually create your Virtual Private Cloud (VPC) instead of using Terraform, go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console].
+If you choose to manually create your AWS Virtual Private Cloud (VPC) instead of using Terraform, go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console].
 
 include::snippets/rosa-existing-vpc-requirements.adoc[leveloffset=+0]
 
@@ -19,7 +19,7 @@ ifdef::rosa-egress-lockdown[]
 [id="rosa-hcp-vpc-subnet-tagging-manual_{context}"]
 == Tagging your subnets
 
-Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
+Before you can use your VPC to create a {rosa-short} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
 
 [cols="3a,8a,8a", options="header"]
 |===

modules/rosa-hcp-vpc-subnet-tagging.adoc

@@ -5,7 +5,7 @@
 [id="rosa-hcp-vpc-subnet-tagging_{context}"]
 = Tagging your subnets
 
-Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources. The following table shows how your resources should be tagged as the following:
+Before you can use your VPC to create a {rosa-short} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources for a cluster. The following table shows how your resources should be tagged:
 
 [cols="3a,8a,8a", options="header"]
 |===
@@ -15,17 +15,17 @@ Before you can use your VPC to create a {hcp-title} cluster, you must tag your V
 
 | Public subnet
 | `kubernetes.io/role/elb`	
-| `1` or no value
+| `1` (or no value)
 
 | Private subnet 
 | `kubernetes.io/role/internal-elb`	
-| `1` or no value
+| `1` (or no value)
 
 |===
 
 [NOTE]
 ====
-You must tag at least one private subnet and, if applicable, and one public subnet.
+You must tag at least one private subnet and, if applicable, one public subnet.
 ====
 
 .Prerequisites

modules/rosa-sts-byo-oidc.adoc

@@ -11,7 +11,7 @@
 [id="rosa-sts-byo-oidc_{context}"]
 = Creating an OpenID Connect configuration
 
-When using a
+When creating a
 ifdef::openshift-rosa-hcp[]
 {rosa-short}
 endif::openshift-rosa-hcp[]

modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc

@@ -14,7 +14,7 @@ ifeval::["{context}" == "rosa-quickstart"]
 :quickstart:
 endif::[]
 
-Before using the {cluster-manager-first} {hybrid-console-second} to create {product-title} (ROSA) clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies.
+Before using the {hybrid-console} to create {product-title} clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies.
 
 ifdef::quick-install[]
 .Prerequisites
@@ -37,11 +37,19 @@ $ rosa list account-roles
 ----
 endif::[]
 
-. If they do not exist in your AWS account, create the required account-wide STS roles and policies:
+. If they do not exist in your AWS account, create the required account-wide AWS IAM STS roles and policies:
 +
+ifdef::openshift-rosa[]
 [source,terminal]
 ----
 $ rosa create account-roles
 ----
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+[source,terminal]
+----
+$ rosa create account-roles --hosted-cp
+----
+endif::openshift-rosa-hcp[]
 +
 Select the default values at the prompts to quickly create the roles and policies.

modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc

@@ -1,18 +1,18 @@
 // Module included in the following assemblies:
 //
+// * rosa_getting_started/rosa-quickstart-guide-ui.adoc
+// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
+// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
-// * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
 ifeval::["{context}" == "rosa-classic-creating-a-cluster-quickly-terraform"]
 :tf-classic:
 endif::[]
 ifeval::["{context}" == "rosa-hcp-creating-a-cluster-quickly-terraform"]
 :tf-hcp:
 endif::[]
-ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"]
-:hcp-rosa:
-endif::[]
 
 :_mod-docs-content-type: CONCEPT
 [id="rosa-sts-overview-of-the-default-cluster-specifications_{context}"]
@@ -48,9 +48,16 @@ ifdef::tf-classic,tf-hcp[]
 * Default IAM role prefix: `rosa-<6-digit-alphanumeric-string>`
 endif::tf-classic,tf-hcp[]
 ifndef::tf-classic,tf-hcp[]
+ifdef::openshift-rosa[]
 * Default IAM role prefix: `ManagedOpenShift`
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+* Default IAM role prefix: `HCP-ROSA`
+endif::openshift-rosa-hcp[]
 endif::tf-classic,tf-hcp[]
+ifndef::openshift-rosa-hcp[]
 * No cluster admin role created
+endif::openshift-rosa-hcp[]
 
 |Cluster settings
 |
@@ -70,29 +77,32 @@ ifdef::openshift-rosa-hcp[]
 * Default AWS region for installations using the ROSA CLI (`rosa`): Defined by your `aws` CLI configuration
 * Default EC2 IMDS endpoints (both v1 and v2) are enabled
 endif::openshift-rosa-hcp[]
-* Availability: Single zone for the data plane
 endif::tf-classic,tf-hcp[]
-ifndef::rosa-hcp,tf-hcp[]
+ifndef::openshift-rosa-hcp,tf-hcp[]
 * EC2 Instance Metadata Service (IMDS) is enabled and allows the use of IMDSv1 or IMDSv2 (token optional)
-endif::rosa-hcp,tf-hcp[]
+endif::openshift-rosa-hcp,tf-hcp[]
+* Availability: Single zone for the data plane
 * Monitoring for user-defined projects: Enabled
-ifndef::openshift-rosa-hcp,hcp-rosa[]
+ifdef::openshift-rosa-hcp[]
+* No cluster admin role created
+endif::openshift-rosa-hcp[]
+ifndef::openshift-rosa-hcp[]
 |Encryption
 |* Cloud storage is encrypted at rest
 * Additional etcd encryption is not enabled
 * The default AWS Key Management Service (KMS) key is used as the encryption key for persistent data
-endif::openshift-rosa-hcp,hcp-rosa[]
+endif::openshift-rosa-hcp[]
 
-ifdef::openshift-rosa,openshift-rosa-hcp,tf-classic[]
+ifdef::openshift-rosa,tf-classic[]
 |Control plane node configuration
 |* Control plane node instance type: m5.2xlarge (8 vCPU, 32 GiB RAM)
 * Control plane node count: 3
-endif::openshift-rosa,openshift-rosa-hcp,tf-classic[]
-ifndef::openshift-rosa-hcp,hcp-rosa[]
+endif::openshift-rosa,tf-classic[]
+ifndef::openshift-rosa-hcp[]
 |Infrastructure node configuration
 |* Infrastructure node instance type: r5.xlarge (4 vCPU, 32 GiB RAM)
 * Infrastructure node count: 2
-endif::openshift-rosa-hcp,hcp-rosa[]
+endif::openshift-rosa-hcp[]
 
 |Compute node machine pool
 |* Compute node instance type: m5.xlarge (4 vCPU 16, GiB RAM)
@@ -145,7 +155,7 @@ endif::openshift-rosa-hcp[]
 +
 [NOTE]
 ====
-For installations that use {cluster-manager} on the {hybrid-console-second}, the `auto` mode requires an admin-privileged {cluster-manager} role.
+For installations that use {cluster-manager} on the {hybrid-console-second}, the `auto` mode requires an admin-privileged {cluster-manager} role (ocm-role).
 ====
 ifdef::tf-classic,tf-hcp[]
 * Default Operator role prefix: `rosa-<6-digit-alphanumeric-string>`
@@ -175,7 +185,4 @@ endif::[]
 ifeval::["{context}" == "rosa-hcp-creating-a-cluster-quickly-terraform"]
 :!tf-hcp:
 endif::[]
-ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"]
-:!hcp-rosa:
-endif::[]
 

rosa_hcp/rosa-hcp-quickstart-guide.adoc

@@ -19,22 +19,22 @@ include::modules/rosa-getting-started-install-configure-cli-tools.adoc[leveloffs
 
 .Next steps
 
-Before you can use the {cluster-manager} {hybrid-console-second} to deploy ROSA clusters, you must associate your AWS account with your Red{nbsp}Hat organization and create the required account-wide STS roles and policies.
+Before you can use the {hybrid-console} to deploy {rosa-short} clusters, you must associate your AWS account with your Red{nbsp}Hat organization and create the required account-wide AWS IAM STS roles and policies for ROSA.
 
 include::modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+1]
 
 [id="rosa-hcp-quickstart-creating-vpc"]
-== Creating a Virtual Private Cloud for your {hcp-title} clusters
+== Creating a Virtual Private Cloud for your {rosa-short} clusters
 
-You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC:
+You must have an AWS Virtual Private Cloud (VPC) to create a {rosa-short} cluster. You can use the following methods to create a VPC:
 
 * Create a VPC using the ROSA CLI
 * Create a VPC by using a Terraform template
 * Manually create the VPC resources in the AWS console
 
 [NOTE]
 ====
-The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`.
+The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this linked Terraform configuration, it is in the same region that you intend to install your cluster. In these examples, `us-east-2` is used.
 ====
 
 [discrete]