diff --git a/modules/rosa-govcloud-deploy-cluster.adoc b/modules/rosa-govcloud-deploy-cluster.adoc index 219410399677..24ba25e499ac 100644 --- a/modules/rosa-govcloud-deploy-cluster.adoc +++ b/modules/rosa-govcloud-deploy-cluster.adoc @@ -5,6 +5,7 @@ [id="rosa-govcloud-deploy-cluster_{context}"] = Preparing to deploy a {product-title} cluster in AWS GovCloud +[role="_abstract"] To deploy a {product-title} cluster in AWS GovCloud, you must be logged in to your Red{nbsp}Hat FedRAMP account. .Prerequisites @@ -20,19 +21,19 @@ To deploy a {product-title} cluster in AWS GovCloud, you must be logged in to yo + . In your terminal: + -.. Run `rosa login` and paste your copied token in order to log into the service. +.. Run `rosa login` and paste your copied token to log in to the service. + [source,terminal] ---- $ rosa login --govcloud --token= ---- + -==== [NOTE] -Depending on your AWS CLI configuration, you may need to add a government region to the end of the command string like `--region us-gov-west-1`. +==== +Depending on your AWS CLI configuration, you might need to add a government region to the end of the command string, such as `--region us-gov-west-1`. ==== + -.. Run `rosa whoami` to confirm all information is correct ensuring that you are using the AWS Gov region and the OCM API is “https://api.openshiftusgov.com”.. +.. Run `rosa whoami` to confirm all information is correct ensuring that you are using the AWS Gov region and the {cluster-manager-first} API is “https://api.openshiftusgov.com”.. + [source,terminal] ---- diff --git a/modules/rosa-govcloud-fedramp-signup.adoc b/modules/rosa-govcloud-fedramp-signup.adoc index 63b20c4eb928..e7f7df70889a 100644 --- a/modules/rosa-govcloud-fedramp-signup.adoc +++ b/modules/rosa-govcloud-fedramp-signup.adoc 
@@ -6,34 +6,30 @@ [id="rosa-govcloud-fedramp-signup_{context}"] = Signing up for a Red Hat FedRAMP account +[role="_abstract"] To access {product-title} in AWS GovCloud, you must sign up for a Red{nbsp}Hat FedRAMP account. .Procedure -. Navigate to link:https://console.redhat.com/openshift/create/rosa/govcloud[]. +. Navigate to link:https://console.redhat.com/openshift/create/rosa/govcloud[the ROSA GovCloud access request form]. . Complete the access request form. -. Click *Submit* to sign up. +. Click *Submit* to sign up. You receive a _Submission confirmation_. + -You will receive a _Submission confirmation_. - -Red{nbsp}Hat's confirmed stateside support team will contact you through email for the following information: - -* *Admin details* to include your _organization name_, _administrator first and last name_ and _administrator email_. - +Red{nbsp}Hat's confirmed stateside support team contacts you through email for the following information: ++ +* *Admin details* to include your _organization name_, _administrator first and surname_ and _administrator email_. * *User authentication* option to the FedRAMP {hybrid-console-second} from one of the following two options: - -** _Local group in a Red{nbsp}Hat managed Keycloak instance_, where users will be required to setup multi-factor authentication (MFA) with an approved device. +** _Local group in a Red{nbsp}Hat managed Keycloak instance_, where users will be required to setup multifactor authentication (MFA) with an approved device. + -==== [NOTE] +==== Only device link:https://www.yubico.com/product/yubikey-5c-nfc-fips[YubiKEY 5C NFC FIPS] currently accepted. ==== ++ ** _Customer managed Identity Provider (IdP), integrated via OpenID Connect (OIDC)_, where you will need to provide the following: *** *Discovery Endpoint:* The IdP's OIDC discovery URL (typically ending in _/.well-known/openid-configuration_). This allows Keycloak to automatically fetch most of the IdP's settings. 
*** *Client ID and secret:* Credentials that allow Keycloak to authenticate with the customer's IdP. *** *Email domain(s):* A list of approved email domains. Only users with an email address from one of these domains will be allowed to log in. -*** *Essential claim:* A specific key-value pair (e.g., _"rh-approved": "true"_) that must be present in a user's token from the IdP to grant them access. -+ -In this configuration, the customer takes on the responsibility for implementing FIPS 140-2 validated MFA. +*** *Essential claim:* A specific key-value pair (e.g., _"rh-approved": "true"_) that must be present in a user's token from the IdP to grant them access. In this configuration, the customer takes on the responsibility for implementing FIPS 140-2 validated MFA. // Following process with a sign up button will not be available until https://issues.redhat.com/browse/CRCPLAN-397 is complete. diff --git a/modules/rosa-govcloud-manage-fedramp.adoc b/modules/rosa-govcloud-manage-fedramp.adoc index a91a56d7f6cb..98459879bcc7 100644 --- a/modules/rosa-govcloud-manage-fedramp.adoc +++ b/modules/rosa-govcloud-manage-fedramp.adoc 
@@ -10,16 +10,16 @@ To change your FedRAMP account password, you must have access to your Red{nbsp}H .Procedure -. Navigate to link:https://sso.openshiftusgov.com/realms/redhat-external/account[]. +. Navigate to link:https://sso.openshiftusgov.com/realms/redhat-external/account[the Red Hat FedRAMP account management page]. . Sign in with your current username and password. . Under the middle box called _Account Security_, click *Signing In*. -. Under _Basic Authentication_, select *Password*. +. Under _Basic authentication_, select *Password*. . Click *Update* and choose a password that meets the following requirements: + * Minimum of fifteen (15) characters * At least one (1) upper-case letter * At least one (1) lower-case letter * At least one (1) number -* At least one (1) special character (e.g. ~ ! @ # $ % ^ & * ( ) _ + = - ‘ [ ] / ? > <) +* At least one (1) special character (e.g. ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <) . Confirm your password. . Click *Submit*. diff --git a/modules/rosa-govcloud-privatelink-create-cluster.adoc b/modules/rosa-govcloud-privatelink-create-cluster.adoc index 90104340963a..61f995f86df6 100644 --- a/modules/rosa-govcloud-privatelink-create-cluster.adoc +++ b/modules/rosa-govcloud-privatelink-create-cluster.adoc @@ -5,7 +5,8 @@ [id="rosa-aws-privatelink-create-cluster_{context}"] = Creating an AWS PrivateLink cluster -You can create an AWS PrivateLink cluster using the {rosa-cli-first}. +[role="_abstract"] +You can create an AWS PrivateLink cluster by using the {rosa-cli-first}. [NOTE] ==== 
@@ -28,9 +29,7 @@ endif::openshift-rosa-hcp[] .Procedure -Creating a cluster can take up to 40 minutes. - -. With AWS PrivateLink, you can create a cluster with a single availability zone (Single-AZ) or multiple availability zones (Multi-AZ). In either case, your machine's classless inter-domain routing (CIDR) must match your virtual private cloud's CIDR. See link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/installing_on_aws/installing-aws-vpc#installation-custom-aws-vpc-requirements_installing-aws-vpc[Requirements for using your own VPC] and link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/installing_on_aws/installing-aws-vpc#installation-custom-aws-vpc-validation_installing-aws-vpc[VPC validation] for more information. +. With AWS PrivateLink, you can create a cluster with a single availability zone (Single-AZ) or many availability zones (Multi-AZ). In either case, your machine's classless inter-domain routing (CIDR) must match your virtual private cloud's CIDR. See link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/installing_on_aws/installing-aws-vpc#installation-custom-aws-vpc-requirements_installing-aws-vpc[Requirements for using your own VPC] and link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/installing_on_aws/installing-aws-vpc#installation-custom-aws-vpc-validation_installing-aws-vpc[VPC validation] for more information. + [IMPORTANT] ==== 
@@ -39,9 +38,12 @@ If you use a firewall, you must configure it so that {product-title} can access For more information, see the AWS PrivateLink firewall prerequisites section. ==== + --- -include::snippets/rosa-long-cluster-name.adoc[] --- +[NOTE] +==== +If your cluster name is longer than 15 characters, it will contain an automatically generated domain prefix as a sub-domain for your provisioned cluster on `*.openshiftapps.com`. + +To customize the subdomain, use the `--domain-prefix` flag. The domain prefix cannot be longer than 15 characters, must be unique, and cannot be changed after cluster creation. +==== + ** To create a Single-AZ cluster: + @@ -56,7 +58,7 @@ $ rosa create cluster --private-link --cluster-name= [--machine-ci $ rosa create cluster --private-link --multi-az --cluster-name= [--machine-cidr=/16] --subnet-ids=,, ---- -. Enter the following command to check the status of your cluster. During cluster creation, the `State` field from the output will transition from `pending` to `installing`, and finally to `ready`. +. Enter the following command to check the status of your cluster. During cluster creation, the `State` field from the output changesfrom `pending` to `installing`, and finally to `ready`. + [source,terminal] ---- diff --git a/modules/rosa-govcloud-support-ticket.adoc b/modules/rosa-govcloud-support-ticket.adoc index 0c500be60da4..69563ae2b590 100644 --- a/modules/rosa-govcloud-support-ticket.adoc +++ b/modules/rosa-govcloud-support-ticket.adoc 
@@ -5,11 +5,12 @@ [id="rosa-govcloud-support-ticket_{context}"] = Opening a support ticket -To get access to open a support ticket please complete the following. +[role="_abstract"] +To get access to open a support ticket, complete the following steps. .Procedure -. If you need to create an account, please contact fedramp-css@openshiftusgov.com. -. Once access is granted, navigate to link:https://redhatgov.servicenowservices.com/css[]. +. If you need to create an account, contact fedramp-css@openshiftusgov.com. +. After you receive access, navigate to the link:https://redhatgov.servicenowservices.com/css[Red Hat GovCloud support portal]. . Click *Create Case* and complete the required information. . Click *Submit*. diff --git a/rosa_govcloud/rosa-govcloud-account-management.adoc b/rosa_govcloud/rosa-govcloud-account-management.adoc index 3e51717aa9e1..da1c545c88ee 100644 --- a/rosa_govcloud/rosa-govcloud-account-management.adoc +++ b/rosa_govcloud/rosa-govcloud-account-management.adoc @@ -7,7 +7,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] [role="_abstract"] -Once you have access to the FedRAMP accounts, you can manage the credentials as needed. +When you have access to the FedRAMP accounts, you can manage the credentials according to your needs. include::modules/rosa-govcloud-manage-fedramp.adoc[leveloffset=+1] diff --git a/rosa_govcloud/rosa-govcloud-getting-started.adoc b/rosa_govcloud/rosa-govcloud-getting-started.adoc index 7503ca030d2a..4cb66e8a1525 100644 --- a/rosa_govcloud/rosa-govcloud-getting-started.adoc +++ b/rosa_govcloud/rosa-govcloud-getting-started.adoc 
@@ -16,7 +16,7 @@ toc::[] //Federal and government agencies can be granted access to the {product-title} in AWS GovCloud environment without further verification. However, commercial organizations and Federal Information Security Modernization Act (FISMA) R&D Universities must provide documentation to show that they are supporting a government contract or in the process of bidding on a government contract such as a request for proposal (RFP) or request for information (RFI) pre-bid stage. The customers who are in the government support verification process can review a subset of the FedRAMP Authority to Operate (ATO) documentation, but cannot gain access to the {product-title} in AWS GovCloud environment until verification is complete. [role="_abstract"] -This service is for use by federal and government agencies, or by commercial organizations and Federal Information Security Modernization Act (FISMA) R&D Universities supporting a government contract or in the process of bidding on a government contract such as a request for proposal (RFP) or request for information (RFI) pre-bid stage. +This service is for use by federal and government agencies, or by commercial organizations and Federal Information Security Modernization Act (FISMA) research and development universities supporting a government contract or in the process of bidding on a government contract such as a request for proposal (RFP) or request for information (RFI) pre-bid stage. //Snippet for accessing ROSA in AWS GovCloud include::snippets/rosa-access-govcloud.adoc[] diff --git a/rosa_govcloud/rosa-install-govcloud-cluster.adoc b/rosa_govcloud/rosa-install-govcloud-cluster.adoc index ce90749060fc..3b1acb325655 100644 --- a/rosa_govcloud/rosa-install-govcloud-cluster.adoc +++ b/rosa_govcloud/rosa-install-govcloud-cluster.adoc 
@@ -7,13 +7,12 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] [role="_abstract"] -To install a {product-title} cluster in AWS GovCloud you must: - -* Meet the requirements to access AWS GovCloud. -* Complete the steps in xref:../rosa_govcloud/rosa-govcloud-getting-started.adoc#rosa-govcloud-getting-started[Getting started with {product-title} in AWS GovCloud]: -** Preparing to access {product-title} in AWS GovCloud. -** Signing up for a Red{nbsp}Hat FedRAMP account following. +You can install a {product-title} cluster in AWS GovCloud with or without AWS PrivateLink. Before you begin, ensure that you meet the requirements to access AWS GovCloud, you have prepared to access {product-title} in AWS GovCloud, and you have signed up for a Red{nbsp}Hat FedRAMP account. include::modules/rosa-govcloud-deploy-cluster.adoc[leveloffset=+1] include::modules/rosa-govcloud-privatelink-create-cluster.adoc[leveloffset=+1] + +[role="_additional-resources"] +.Additional resources +* xref:../rosa_govcloud/rosa-govcloud-getting-started.adoc#rosa-govcloud-getting-started[Getting started with {product-title} in AWS GovCloud]
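Review bot: In modules/rosa-govcloud-deploy-cluster.adoc, the rewritten `rosa whoami` step still ends with a doubled period and keeps the API URL inside curly quotes (“https://api.openshiftusgov.com”..). This step is the reader's check that the CLI is pointed at the GovCloud endpoint, so put the URL in backticks so it can be compared exactly, end the sentence with a single period, and add a comma before "ensuring".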
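Review bot: In modules/rosa-govcloud-fedramp-signup.adoc, folding "In this configuration, the customer takes on the responsibility for implementing FIPS 140-2 validated MFA." into the *Essential claim* item makes the MFA responsibility read as a property of that one claim rather than of the whole customer managed IdP option. Keep it as its own paragraph attached after the last third-level item, or move it into the option's lead-in sentence. In the same list, "setup multifactor authentication" needs the verb form "set up", and "first and surname" reads better as "first name and surname". The list also asks for a client ID and secret right after saying the support team makes contact through email, so state which channel the secret should be provided over.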
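Review bot: In modules/rosa-govcloud-manage-fedramp.adoc, the step now reads _Basic authentication_ in sentence case while the step above it keeps _Account Security_ in title case. UI labels should match what the account page displays, so confirm the casing against the page and make the two steps consistent. The special character item still opens with "e.g.", which leaves it unclear whether the characters listed are the full accepted set or only examples; say which.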
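Review bot: In modules/rosa-govcloud-privatelink-create-cluster.adoc, the procedure hunk deletes "Creating a cluster can take up to 40 minutes." and does not place it anywhere else, so the reader loses the expected duration. Move it to the status step, where the `State` field is described as going from `pending` to `installing` to `ready`. In the same step, "many availability zones" is looser than the original "multiple" for the Multi-AZ option.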
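Review bot: In modules/rosa-govcloud-privatelink-create-cluster.adoc, the hunk that drops `include::snippets/rosa-long-cluster-name.adoc[]` inlines the cluster-name NOTE in this module; if the snippet is still used elsewhere, the two copies can drift. Either keep the include or explain in the commit message why it was replaced. The new text also spells the same term two ways ("sub-domain" and "subdomain") and uses "will contain" where the rest of the change moves to present tense.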
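Review bot: In modules/rosa-govcloud-privatelink-create-cluster.adoc, the rewritten status step is missing a space in "changesfrom". It should read "changes from `pending` to `installing`, and finally to `ready`".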