AWS conditional policy support for aws:SourceIP and aws:SourceVPC

Solution In Progress - Updated -

Issue

  • Security policy requires that IAM User accounts with access keys be restricted to IP addresses and VPCs owned by the company, so that the keys cannot be used from unauthorized locations.
    The OpenShift Credentials Operator and the openshift-install command need to pass either the aws:SourceIP value (when run outside of a VPC) or the aws:SourceVPC value (when run on a VPC), so that the context they supply matches the actual execution environment and policies based on these values evaluate correctly.

Environment

  • OpenShift Container Platform 4.3
  • AWS
