Additional permissions for Red Hat OpenShift Service on AWS (ROSA) cluster infrastructure
Environment
- Red Hat OpenShift Service on AWS
- 4.x
Issue
- What is the appropriate approach for Red Hat SRE to manage clusters effectively?
- What strategies can be implemented to prevent delays in taking action on the cluster(s)?
The permissions are for situations such as:
- Control plane resizing
- AWS instance maintenance windows
- occasions where an instance is in an unresponsive state due to etcd or machine config
Resolution
In order for Red Hat SRE to appropriately manage clusters, there are a small set of additional permissions necessary for Red Hat OpenShift Service on AWS (ROSA) cluster infrastructure that were not included in the original permissions set for the Support Policy used by Red Hat customer support and SRE teams.
The permissions to be added are:
- EC2:StartInstances
- EC2:StopInstances
- EC2:ModifyInstanceAttribute
You can follow the instruction here to update the support policy with the given permissions.
The permissions above are relevant to the support and reliability of the service.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments