The {product-title} (ROSA) web UI requires specific permissions on your AWS account. These permissions create a trust relationship that provides the end-user experience at {cluster-manager-url} and for the `rosa` command line interface (CLI).
This trust relationship is achieved through the creation and association of two AWS IAM roles:
- `ocm-role`
- `user-role`
If you use the `rosa` CLI, the tool creates a number of these required permissions for you. This is possible because your user account authenticates with both Red Hat and AWS. In the {cluster-manager} web UI, you need to create these roles.
[NOTE]
====
Role creation does not request your AWS access or secret keys. This is because it uses the AWS Security Token Service (STS) as the basis of its workflow.
====