OCPBUGS-14862 Improve clarity around hypershift operator permissions

[mjlshen]

• The operator now expects to be able to perform ec2:RejectVpcEndpointConnections
• The message of AWS errors is logged, which can help identify which AWS operation is running into errors.

What this PR does / why we need it:
In response to feedback during QA, we should document required permissions and return AWS error messages to improve the troubleshooting experience when AWS permissions are missing.

Which issue(s) this PR fixes:
OCPBUGS-14862

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

[netlify]

✅ Deploy Preview for hypershift-docs ready!

Name	Link
🔨 Latest commit	7976ad6
🔍 Latest deploy log	https://app.netlify.com/sites/hypershift-docs/deploys/64a9ecba9cdf260008c2d062
😎 Deploy Preview	https://deploy-preview-2782--hypershift-docs.netlify.app/how-to/aws/deploy-aws-private-clusters
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mjlshen]

/retest

[mjlshen]

Logging the error message instead of returning it because of feedback I received:

the reason we don't include the error message in the error we return is that AWS usually puts something in there that changes every time. And we update the HostedCluster status with the text from the error we return. That means that if we're constantly getting an error, we're going to be updating the HC status many times, which is not a good thing.

cc @csrwng

[mjlshen]

/retest

[csrwng]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csrwng, mjlshen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [csrwng]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[muraee]

/lgtm

[csrwng]

/cherry-pick release-4.13

[openshift-cherrypick-robot]

@csrwng: once the present PR merges, I will cherry-pick it on top of release-4.13 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mjlshen]

/test e2e-kubevirt-aws-ovn

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 9776a1f and 2 for PR HEAD 961491d in total

[mjlshen]

/retest

[mjlshen]

/retest

[mjlshen]

/retest

[mjlshen]

/retest

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD bf1f476 and 1 for PR HEAD 961491d in total

[mjlshen]

/retest

[openshift-ci]

@mjlshen: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-cherrypick-robot]

@csrwng: new pull request created: #2810

In response to this:

/cherry-pick release-4.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.