Merge pull request #77388 from mletalie/OSDOCS-10836

[OSDOCS-10836]: What's New (RNs): XCMSTRAT-305

Author: EricPonvelle

rosa_release_notes/rosa-release-notes.adoc

@@ -22,6 +22,10 @@ toc::[]
 +
 Access requests to customer data on ROSA clusters and the corresponding cloud accounts can be created by Red{nbsp}Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red{nbsp}Hat SRE, as part of the standard incident response process. For more information, see xref:../support/approved-access.adoc#approved-access[Approved Access]. This is applicable to ROSA and Red{nbsp}Hat OpenShift Service on AWS (classic architecture).
 
+* **ROSA command enhancement.** The `rosa describe` command has a new optional argument, `--get-role-policy-bindings`. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-describe-cluster_rosa-managing-objects-cli[describe cluster].
+
+* **Expanded customer-managed policy capabilities.** You can now attach customer-managed policies to the IAM roles required to run both ROSA (classic architecture) and ROSA clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-aws-customer-managed-policies_rosa-sts-about-iam-resources[Customer-managed policies].
+
 * **Permission boundaries for the installer role policy.** You can apply a policy as a _permissions boundary_ on the ROSA installer role. The combination of policy and boundary policy limits the maximum permissions for the Amazon Web Services(AWS) Identity and Access Management (IAM) entity role. ROSA includes a set of three prepared permission boundary policy files, with which you can restrict permissions for the installer role since changing the installer policy itself is not supported. For more information, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-aws-requirements-attaching-boundary-policy_rosa-sts-about-iam-resources[Permission boundaries for the installer role]. This is applicable only to Red{nbsp}Hat OpenShift Service on AWS (classic architecture).
 
 * **Cluster delete protection.** You can now enable the cluster delete protection option, which helps to prevent you from accidentally deleting a cluster. For more information on using the cluster delete protection option with the ROSA CLI, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-edit-cluster_rosa-managing-objects-cli[edit cluster]. For more information on using the cluster delete protection option in the UI, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-using-defaults-ocm_rosa-sts-creating-a-cluster-quickly[Creating a cluster with the default options using OpenShift Cluster Manager].
@@ -152,4 +156,4 @@ Some features available in previous releases have been deprecated or removed. De
 
 * **ROSA non-STS deployment mode.** ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard.
 
-* **Label removal on core namespaces.** ROSA is no longer labeling OpenShift core using the `name` label. Customers should migrate to referencing the `kubernetes.io/metadata.name` label if needed for Network Policies or other use cases.
+* **Label removal on core namespaces.** ROSA is no longer labeling OpenShift core using the `name` label. Customers should migrate to referencing the `kubernetes.io/metadata.name` label if needed for Network Policies or other use cases.