What is the minimum set of AWS permissions necessary for deploying an STS ROSA cluster?

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS

Issue

  • Define the minimum set of AWS permissions necessary for deploying an STS ROSA cluster.
  • Minimum set of effective permissions for service control policies (SCP)
  • Provide a JSON with the minimum necessary permissions for deploying an STS ROSA cluster

Resolution

The permissions below are the minimum set necessary for deploying and maintaining an STS ROSA cluster as per product documentation:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ViewSubscriptions",
                "aws-marketplace:Unsubscribe",
                "s3:*",
                "cloudtrail:*",
                "logs:*",
                "aws-marketplace:Subscribe",
                "elasticloadbalancing:*",
                "autoscaling:*",
                "support:*",
                "iam:*",
                "cloudwatch:*",
                "kms:*",
                "route53:*",
                "ec2:*",
                "tag:*"
            ],
            "Resource": "*"
        }
    ]
}
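
For the SCP case raised in the Issue, an action is only effective when the SCPs allow it and no SCP denies it. The following Python script is an added example (not Red Hat or AWS code) that checks one SCP document against the action list above. The names check_scp and SAMPLE_SCP and the sample policy are constructed for illustration; Resource and Condition elements are ignored, and statements using NotAction are only reported for manual review.

```python
from fnmatch import fnmatchcase

# Action list copied from the policy in this article.
REQUIRED = [
    "aws-marketplace:ViewSubscriptions", "aws-marketplace:Unsubscribe",
    "s3:*", "cloudtrail:*", "logs:*", "aws-marketplace:Subscribe",
    "elasticloadbalancing:*", "autoscaling:*", "support:*", "iam:*",
    "cloudwatch:*", "kms:*", "route53:*", "ec2:*", "tag:*",
]

# Constructed sample SCP (not from the article): an allow-list plus a guard-rail Deny.
SAMPLE_SCP = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowList", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "s3:*", "iam:*", "route53:*", "kms:*", "logs:*",
                "cloudwatch:*", "autoscaling:*", "elasticloadbalancing:*",
                "aws-marketplace:*", "tag:Get*"]},
    {"Sid": "ProtectTrail", "Effect": "Deny", "Resource": "*",
     "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]},
]}

def _as_list(value):
    # IAM allows Action to be a single string or a list of strings.
    return [value] if isinstance(value, str) else list(value or [])

def _covers(pattern, required):
    # True when `pattern` matches everything `required` matches: a "*" in
    # `required` is a literal here, so only a "*" in `pattern` can absorb it.
    return fnmatchcase(required.lower(), pattern.lower())

def check_scp(scp):
    """Return (not_allowed, denied, manual_review) for one SCP document."""
    allows, denies, manual = [], [], []
    stmts = scp["Statement"]
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        if "NotAction" in stmt:  # inverse match: report, do not guess
            manual.append(stmt.get("Sid", "<no Sid>"))
            continue
        target = allows if stmt["Effect"] == "Allow" else denies
        target.extend(_as_list(stmt.get("Action")))
    not_allowed = [r for r in REQUIRED if not any(_covers(a, r) for a in allows)]
    # A Deny overlaps when it covers the requirement or falls inside it.
    denied = sorted({r for r in REQUIRED for d in denies
                     if _covers(d, r) or _covers(r, d)})
    return not_allowed, denied, manual

if __name__ == "__main__":
    for label, items in zip(("not allowed", "denied", "manual review"),
                            check_scp(SAMPLE_SCP)):
        print(f"{label}: {items}")
```

Run it against each SCP attached on the path from the organization root to the target account, since an action must pass every level.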
