OSDOCS-14094: Applied changes to Preparing your Environment

Author: EricPonvelle

modules/mos-network-prereqs-min-bandwidth.adoc

@@ -7,6 +7,13 @@
 [id="mos-network-prereqs-min-bandwidth_{context}"]
 = Minimum bandwidth
 
-During cluster deployment, {product-title} requires a minimum bandwidth of 120{nbsp}Mbps between cluster infrastructure and the public internet or private network locations that provide deployment artifacts and resources. When network connectivity is slower than 120{nbsp}Mbps (for example, when connecting through a proxy) the cluster installation process times out and deployment fails.
+During cluster deployment, 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+requires a minimum bandwidth of 120{nbsp}Mbps between cluster infrastructure and the public internet or private network locations that provide deployment artifacts and resources. When network connectivity is slower than 120{nbsp}Mbps (for example, when connecting through a proxy) the cluster installation process times out and deployment fails.
 
 After cluster deployment, network requirements are determined by your workload. However, a minimum bandwidth of 120{nbsp}Mbps helps to ensure timely cluster and operator upgrades.

modules/osd-aws-privatelink-firewall-prerequisites.adoc

@@ -7,7 +7,7 @@
 :_mod-docs-content-type: PROCEDURE
 ifdef::openshift-rosa[]
 [id="rosa-classic-firewall-prerequisites_{context}"]
-= Firewall prerequisites for ROSA (classic architecture) clusters using STS
+= Firewall prerequisites for {rosa-classic-short} clusters using STS
 endif::openshift-rosa[]
 ifdef::openshift-dedicated[]
 [id="osd-aws-privatelink-firewall-prerequisites_{context}"]

modules/rosa-aws-provisioned.adoc

@@ -6,7 +6,14 @@
 [id="rosa-aws-policy-provisioned_{context}"]
 = Provisioned AWS Infrastructure
 
-This is an overview of the provisioned {AWS} components on a deployed {product-title} (ROSA) cluster.
+This is an overview of the provisioned {AWS} components on a deployed 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+cluster.
 
 [id="rosa-ec2-instances_{context}"]
 == EC2 instances
@@ -15,7 +22,12 @@ AWS EC2 instances are required to deploy
 ifndef::openshift-rosa-hcp[]
 the control plane and data plane functions for
 endif::openshift-rosa-hcp[]
-{product-title}.
+ifdef::openshift-rosa[]
+{rosa-classic-short}.
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}.
+endif::openshift-rosa-hcp[]
 
 ifndef::openshift-rosa-hcp[]
 Instance types can vary for control plane and infrastructure nodes, depending on the worker node count.
@@ -201,4 +213,11 @@ can add additional custom security groups during cluster creation. Custom securi
 
 * You must create the custom security groups in AWS before you create the cluster. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html[Amazon EC2 security groups for Linux instances].
 * You must associate the custom security groups with the VPC that the cluster will be installed into. Your custom security groups cannot be associated with another VPC.
-* You might need to request additional quota for your VPC if you are adding additional custom security groups. For information on AWS quota requirements for ROSA, see _Required AWS service quotas_ in _Prepare your environment_. For information on requesting an AWS quota increase, see link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[Requesting a quota increase].
+* You might need to request additional quota for your VPC if you are adding additional custom security groups. For information on AWS quota requirements for 
+ifdef::openshift-rosa[]
+{rosa-classic-short}, 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}, 
+endif::openshift-rosa-hcp[]
+see _Required AWS service quotas_ in _Prepare your environment_. For information on requesting an AWS quota increase, see link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[Requesting a quota increase].

modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc

@@ -11,16 +11,16 @@ endif::[]
 [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
 = Creating the account-wide STS roles and policies
 
-Before you create your {hcp-title-first} cluster, you must create the required account-wide roles and policies.
+Before you create your {rosa-short} cluster, you must create the required account-wide roles and policies.
 
 [NOTE]
 ====
-Specific AWS-managed policies for {hcp-title} must be attached to each role. Customer-managed policies must not be used with these required account roles. For more information regarding AWS-managed policies for {hcp-title} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA].
+Specific AWS-managed policies for {rosa-short} must be attached to each role. Customer-managed policies must not be used with these required account roles. For more information regarding AWS-managed policies for {rosa-short} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA].
 ====
 
 .Prerequisites
 
-* You have completed the AWS prerequisites for {hcp-title}.
+* You have completed the AWS prerequisites for {rosa-short}.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
 * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.

modules/rosa-hcp-firewall-prerequisites.adoc

@@ -6,9 +6,9 @@
 //TODO OSDOCS-11789: Why is this a procedure and not a reference?
 
 [id="rosa-hcp-firewall-prerequisites_{context}"]
-= Firewall prerequisites for {hcp-title}
+= Firewall prerequisites for {rosa-short}
 
-* If you are using a firewall to control egress traffic from {hcp-title-first}, your Virtual Private Cloud (VPC) must be able to complete requests from the cluster to the Amazon S3 service, for example, via an Amazon S3 gateway.
+* If you are using a firewall to control egress traffic from {rosa-short}, your Virtual Private Cloud (VPC) must be able to complete requests from the cluster to the Amazon S3 service, for example, via an Amazon S3 gateway.
 
 * You must also configure your firewall to grant access to the following domain and port combinations.
 //TODO OSDOCS-11789: From your deploy machine? From your cluster?

modules/rosa-prereq-roles-overview.adoc

@@ -1,12 +1,28 @@
 // Module included in the following assemblies:
-// * rosa_planning/rosa-hcp-prepare-iam-resources.adoc
+// * rosa_planning/rosa-sts-ocm-role.adoc
+// * rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc
+
 :_mod-docs-content-type: MODULE
 [id="rosa-prereq-roles-overview"]
 = Overview of required roles
 
-To create and manage your {product-title} cluster, you must create several account-wide and cluster-wide roles. If you intend to use {cluster-manager} to create or manage your cluster, you need some additional roles.
+To create and manage your 
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+cluster, you must create several account-wide and cluster-wide roles. If you intend to use {cluster-manager} to create or manage your cluster, you need some additional roles.
 
-To create and manage clusters:: Several account-wide roles are required to create and manage ROSA clusters. These roles only need to be created once per AWS account, and do not need to be created fresh for each cluster. One or more AWS managed policies are attached to each role to grant that role the required capabilities. You can specify your own prefix, or use the default prefix (`ManagedOpenShift`).
+To create and manage clusters:: Several account-wide roles are required to create and manage 
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+clusters. These roles only need to be created once per AWS account, and do not need to be created fresh for each cluster. One or more AWS managed policies are attached to each role to grant that role the required capabilities. You can specify your own prefix, or use the default prefix (`ManagedOpenShift`).
 +
 [NOTE]
 ====
@@ -52,7 +68,7 @@ Role creation does not request your AWS access or secret keys. AWS Security Toke
 To use Operator-managed cluster capabilities:: Some cluster capabilities, including several capabilities provided by default, are managed using Operators. Cluster-specific Operator roles (`operator-roles` in the ROSA CLI) are required to use these capabilities. These roles are used to obtain the temporary permissions required to carry out cluster operations such as managing back-end storage, ingress, and registry. Obtaining these permissions requires the configuration of an OpenID Connect (OIDC) provider, which connects to AWS Security Token Service (STS) to authenticate Operator access to AWS resources.
 ifndef::openshift-rosa-hcp[]
 +
-The following Operator roles are required for {product-title} clusters:
+The following Operator roles are required for {rosa-classic-short} clusters:
 
 ** `openshift-cluster-csi-drivers-ebs-cloud-credentials`
 ** `openshift-cloud-network-config-controller-cloud-credentials`
@@ -65,7 +81,7 @@ The following Operator roles are required for {product-title} clusters:
 endif::openshift-rosa-hcp[]
 ifdef::openshift-rosa-hcp[]
 +
-For {hcp-title} clusters, you must create the following Operator roles and attach the indicated AWS Managed policies:
+For {rosa-short} clusters, you must create the following Operator roles and attach the indicated AWS Managed policies:
 +
 .Required Operator roles and AWS Managed policies for {hcp-title}
 [options="header"]
@@ -101,7 +117,6 @@ For {hcp-title} clusters, you must create the following Operator roles and attac
 endif::openshift-rosa-hcp[]
 When you create Operator roles using the `rosa create operator-role` command, the roles created are named using the pattern `<cluster_name>-<hash>-<role_name>`, for example, `test-abc1-kube-system-control-plane-operator`. When your cluster name is longer than 15 characters, the role name is truncated.
 
-
 To use {cluster-manager}:: The web user interface, {cluster-manager}, requires you to create additional roles in your AWS account to create a trust relationship between that AWS account and the {cluster-manager}.
 +
 This trust relationship is achieved through the creation and association of the `ocm-role` AWS IAM role. This role has a trust policy with the AWS installer that links your Red{nbsp}Hat account to your AWS account. In addition, you also need a `user-role` AWS IAM role for each web UI user, which serves to identify these users. This `user-role` AWS IAM role has no permissions.

modules/rosa-requirements-deploying-in-opt-in-regions.adoc

@@ -5,7 +5,14 @@
 [id="rosa-requirements-deploying-in-opt-in-regions_{context}"]
 = Requirements for deploying a cluster in an opt-in region
 
-An AWS opt-in region is a region that is not enabled in your AWS account by default. If you want to deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS) in an opt-in region, you must meet the following requirements:
+An AWS opt-in region is a region that is not enabled in your AWS account by default. If you want to deploy a 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+cluster that uses the AWS Security Token Service (STS) in an opt-in region, you must meet the following requirements:
 
 * The region must be enabled in your AWS account. For more information about enabling opt-in regions, see link:https://docs.aws.amazon.com/general/latest/gr/rande-manage.html[Managing AWS Regions] in the AWS documentation.
 * The security token version in your AWS account must be set to version 2. You cannot use version 1 security tokens for opt-in regions.

modules/rosa-setting-the-aws-security-token-version.adoc

@@ -6,7 +6,14 @@
 [id="rosa-setting-the-aws-security-token-version_{context}"]
 = Setting the AWS security token version
 
-If you want to create a {product-title} (ROSA) cluster with the AWS Security Token Service (STS) in an AWS opt-in region, you must set the security token version to version 2 in your AWS account.
+If you want to create a 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+cluster with the AWS Security Token Service (STS) in an AWS opt-in region, you must set the security token version to version 2 in your AWS account.
 
 .Prerequisites
 

modules/rosa-sts-about-ocm-role.adoc

@@ -5,7 +5,7 @@
 [id="rosa-sts-about-ocm-role_{context}"]
 = About the ocm-role IAM resource
 
-You must create the `ocm-role` IAM resource to enable a Red{nbsp}Hat organization of users to create {product-title} (ROSA) clusters. Within the context of linking to AWS, a Red{nbsp}Hat organization is a single user within {cluster-manager}.
+You must create the `ocm-role` IAM resource to enable a Red{nbsp}Hat organization of users to create {rosa-classic-short} clusters. Within the context of linking to AWS, a Red{nbsp}Hat organization is a single user within {cluster-manager}.
 
 Some considerations for your `ocm-role` IAM resource are:
 

modules/rosa-sts-associating-your-aws-account.adoc

@@ -21,19 +21,19 @@ ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
 endif::[]
 
 Before using {cluster-manager-first} on the {hybrid-console-url} to create
-ifdef::rosa-hcp[]
-{hcp-title} clusters
-endif::rosa-hcp[]
-ifndef::rosa-hcp[]
-{product-title} (ROSA) clusters
-endif::rosa-hcp[]
-that use the AWS Security Token Service (STS), create an {cluster-manager} IAM role and link it to your Red{nbsp}Hat organization. Then, create a user IAM role and link it to your Red{nbsp}Hat user account in the same Red{nbsp}Hat organization.
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+clusters that use the AWS Security Token Service (STS), create an {cluster-manager} IAM role and link it to your Red{nbsp}Hat organization. Then, create a user IAM role and link it to your Red{nbsp}Hat user account in the same Red{nbsp}Hat organization.
 
 ifdef::quick-install[]
 .Prerequisites
 
 ifdef::rosa-hcp[]
-* You have completed the AWS prerequisites for {hcp-title}.
+* You have completed the AWS prerequisites for {rosa-short}.
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
 * You have completed the AWS prerequisites for ROSA with STS.
@@ -46,7 +46,7 @@ endif::rosa-hcp[]
 ====
 To successfully install
 ifdef::rosa-hcp[]
-{hcp-title}
+{rosa-short}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
 ROSA
@@ -65,7 +65,7 @@ endif::[]
 ====
 To enable automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider using the {cluster-manager} {hybrid-console-second}, you must apply the administrative privileges to the role by choosing the _Admin OCM role_ command in the *Accounts and roles* step of creating a
 ifdef::rosa-hcp[]
-{hcp-title}
+{rosa-short}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
 ROSA
@@ -77,14 +77,14 @@ cluster. For more information about the basic and administrative privileges for
 ====
 If you choose the _Basic OCM role_ command in the *Accounts and roles* step of creating a
 ifdef::rosa-hcp[]
-{hcp-title}
+{rosa-short}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
 ROSA
 endif::rosa-hcp[]
 cluster in the {cluster-manager} {hybrid-console-second}, you must deploy a
 ifdef::rosa-hcp[]
-{hcp-title}
+{rosa-short}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
 ROSA