{product-title} (ROSA) provides a model that allows Red Hat to deploy clusters into a customer’s existing Amazon Web Services (AWS) account.
Ensure that the following AWS prerequisites are met before installing ROSA with STS.
Important: When you create a ROSA cluster using AWS STS, an associated AWS OpenID Connect (OIDC) identity provider is created as well. This OIDC provider configuration relies on a public key that is located in the
The following prerequisites must be complete before you deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS).
- See Account-wide IAM role and policy reference for a list of IAM roles needed for cluster creation.
With the STS deployment model, Red Hat is no longer responsible for creating and managing Amazon Web Services (AWS) IAM policies, IAM users, or IAM roles. For information on creating these roles and policies, see the following sections on IAM roles.
- To use the `ocm` CLI, you must have an `ocm-role` and `user-role` resource. See OpenShift Cluster Manager IAM role resources.
- If you have a single cluster, see Account-wide IAM role and policy reference.
- For every cluster, you must have the necessary operator roles. See Cluster-specific Operator IAM role reference.