Automating AWS IAM Credential Rotation in Red Hat OpenShift Container Platform

Resolution

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

• For OSD and ROSA clusters, refer to Rotate AWS IAM User Access Keys in OSD/ROSA.

• It's only supported manual credential rotation with Mint Mode in Cloud Credentials Operators:

  • Openshift to install using STS based credentials

  • Using manual mode with Amazon Web Services Secure Token Service

Note: This credentials strategy is supported for only new OpenShift Container Platform clusters and must be configured during installation. It's not possible to reconfigure an existing cluster that uses a different credentials strategy to use this feature.

• In the future with AWS Secure Token Service (STS), it will be a new function to allow creds to be automated, but it is not supported currently.

• Master KCS collection to manual rotation AWS IAM credentials

  • OpenShift 4 AWS cloud-credentials access key is expired.

  • Rotate OpenShift Machine API Operator AWS credentials

  • Rotate Openshift-ingress-operator AWS credentials

  • Rotate openshift-image-registry-operator AWS credentials

  • Update AWS Access Keys and Secrets in Openshift 4.x

  • Rotate the openshift-ingress operator credentials on OpenShift 4 AWS

  • Rotate the Cloud Credential Operator read-only credentials on OpenShift 4 AWS IPI

  • Rotate the aws-ebs-csi-driver-operator credentials on OpenShift 4 AWS

  • Rotate the noobaa-aws-cloud-creds credentials on Red Hat OpenShift 4 AWS IPI