ROSA STS roles and policies prompt to update to the latest by default

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA)

Issue

  • Why does the rosa CLI prompt to upgrade roles and policies to a version higher than the required cluster version?

Resolution

  • The upgrade process is designed to upgrade roles and policies to the latest available version. The account roles and policies are backward compatible, so there is no harm in upgrading to the higher version.

For example, upgrading a cluster to version 4.12.z prompts you to upgrade roles and policies to version 4.13:

 $ rosa upgrade cluster --cluster=rosacluster 

? Version: 4.12.19
? IAM Roles/Policies upgrade mode: auto
I: Ensuring account and operator role policies for cluster 'xxxxxxxxxxxxxxxxxxxxxxxxxxx' are compatible with upgrade.
I: Starting to upgrade the policies
? Upgrade the 'ManagedOpenShift-Worker-Role' role policy to latest version (4.13) ? Yes
? More than one policy attached to account role 'ManagedOpenShift-Worker-Role'.
    Would you like to dettach current policies and setup a new one ? Yes
I: Upgraded policy with ARN 'arn:aws:iam::xxxxxxxxxxxx:policy/ManagedOpenShift-Worker-Role-Policy' to version '4.13'
? Upgrade the 'ManagedOpenShift-Support-Role' role policy to latest version (4.13) ? Yes
I: Upgraded policy with ARN 'arn:aws:iam::xxxxxxxxxxxx:policy/ManagedOpenShift-Support-Role-Policy' to version '4.13'
? Upgrade the 'ManagedOpenShift-Installer-Role' role policy to latest version (4.13) ? Yes
I: Upgraded policy with ARN 'arn:aws:iam::xxxxxxxxxxxx:policy/ManagedOpenShift-Installer-Role-Policy' to version '4.13'
? Upgrade the 'ManagedOpenShift-ControlPlane-Role' role policy to latest version (4.13) ? Yes
I: Upgraded policy with ARN 'arn:aws:iam::xxxxxxxxxxxx:policy/ManagedOpenShift-ControlPlane-Role-Policy' to version '4.13'
? Upgrade each operator role policy to latest version (4.13)? (Y/n)
  • The linked KCS article guides you through the process of upgrading ROSA (STS) clusters.

  • Additionally, you can refer to the official ROSA documentation for more detailed instructions.

Root Cause

A successful cluster upgrade requires the ROSA STS roles and policies to be upgraded to at least the required cluster version (the same version or higher).

Diagnostic Steps

  • List the account roles to verify their version and confirm they have been upgraded as required:
$ rosa list account-roles
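
One way to automate this check, as an added example that is not part of the original article or of the rosa CLI: it flags any account role whose version is below the target cluster's x.y version. It assumes that the OpenShift version is the column immediately after the role ARN in the `rosa list account-roles` output; the function name `roles_below_target` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag account roles older than the target cluster version.
# Assumption: in the role table, the OpenShift version is the field that
# directly follows the role ARN. The sample rows below are constructed.

SAMPLE_ROLES='ROLE NAME                           ROLE TYPE      ROLE ARN                                                           OPENSHIFT VERSION
ManagedOpenShift-ControlPlane-Role  Control plane  arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role  4.13
ManagedOpenShift-Installer-Role     Installer      arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role     4.13
ManagedOpenShift-Support-Role       Support        arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role       4.13
ManagedOpenShift-Worker-Role        Worker         arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role        4.11'

# roles_below_target TARGET   (reads the role table on stdin)
# Prints "<role-arn> <version>" for every role whose x.y version is lower
# than TARGET's x.y, and returns 1 if any were found, 0 otherwise.
roles_below_target() {
    awk -v target="$1" '
        BEGIN { split(target, t, "."); tmaj = t[1] + 0; tmin = t[2] + 0 }
        {
            # Locate the ARN field; "Control plane" contains a space, so a
            # fixed column index would be unreliable.
            for (i = 1; i < NF; i++) {
                if ($i ~ /^arn:aws:iam::[0-9x]+:role\//) {
                    split($(i + 1), v, ".")
                    vmaj = v[1] + 0; vmin = v[2] + 0
                    if (vmaj < tmaj || (vmaj == tmaj && vmin < tmin)) {
                        print $i, $(i + 1)
                        bad = 1
                    }
                }
            }
        }
        END { exit bad + 0 }
    '
}

# Live use:      rosa list account-roles | roles_below_target 4.12.19
# Offline demo:  printf '%s\n' "$SAMPLE_ROLES" | roles_below_target 4.12.19
```

A non-zero return means at least one role must be upgraded before the cluster upgrade can proceed; roles already at a higher version than the target pass, since they are backward compatible.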
  • Component
  • cli

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
