Fix issue DPTP-4756 Add AWS STS role chaining documentation#603
Fix issue DPTP-4756 Add AWS STS role chaining documentation#603bear-redhat wants to merge 1 commit into
Conversation
Add architecture doc explaining the three-hop STS credential chain (home -> hub -> target) that replaces static .awscred IAM keys. Covers ci-operator activation logic, OpenShift installer credential modes (Mint, Passthrough, Manual/STS), the minimal permissions mechanism for bridging STS with the installer, CloudFormation templates, and the shared hub account model. Update the cluster profile how-to with STS as the recommended alternative to static credentials. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bear-redhat The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
|
/retest |
|
@bear-redhat: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
1 participant
Add architecture doc explaining the three-hop STS credential chain (home -> hub -> target) that replaces static .awscred IAM keys. Covers ci-operator activation logic, OpenShift installer credential modes (Mint, Passthrough, Manual/STS), the minimal permissions mechanism for bridging STS with the installer, CloudFormation templates, and the shared hub account model.
Update the cluster profile how-to with STS as the recommended alternative to static credentials.
🤖 Generated with Claude Code