docsL updates

* docs: helm updates for DOC-869 * docs: callout fixes * docs: added KMS related content per feedback * Apply suggestions from code review Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com> --------- Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
spectrocloud · Sep 13, 2023 · 41c6e72 · 41c6e72
1 parent 08e50eb
commit 41c6e72
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 41 deletions.
diff --git a/...ntent/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md b/...ntent/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md
@@ -97,6 +97,14 @@ Use the following steps to add an S3 bucket as the backup location using the STS
 	}
 	```
 
+* If the S3 bucket is using a customer managed AWS Key Management Service (KMS) key for server-side encryption, ensure the Palette IAM role has the necessary permissions to access the KMS key. Otherwise, Palette will be unable to put objects in the S3 bucket, resulting in backup or restore failure. Check out the [Troubleshooting key access](https://docs.aws.amazon.com/kms/latest/developerguide/policy-evaluation.html) guide to learn more about common KMS issues.
+
+	:::tip
+
+	Use the IAM Policy Simulator to verify the IAM role has the necessary permissions to access a customer managed KMS key. Refer to the [Testing IAM policies with the IAM policy simulator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html) guide to learn more.
+
+	:::
+
 <br /> 	
 
 

diff --git a/...ontent/clusters/cluster-management/backup-restore/add-backup-location-static.md b/...ontent/clusters/cluster-management/backup-restore/add-backup-location-static.md
@@ -97,6 +97,15 @@ The following sections provide detailed instructions. Select the environment whe
 	If you skip copying the secret access key, refer to the [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) guide to learn how to create a new access key.
 
 
+* If the S3 bucket is using a customer managed AWS Key Management Service (KMS) key for server-side encryption, ensure the Palette IAM user has the necessary permissions to access the KMS key. Otherwise, Palette will be unable to put objects in the S3 bucket and result in backup or restore failure. Check out the [Troubleshooting key access](https://docs.aws.amazon.com/kms/latest/developerguide/policy-evaluation.html) guide to learn more about common KMS issues.
+
+	:::tip
+
+Use the IAM Policy Simulator to verify the IAM role has the necessary permissions to access a customer managed KMS key. Refer to the [Testing IAM policies with the IAM policy simulator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html) guide to learn more.
+
+	:::
+
+
 
 ### Add an AWS S3 Bucket 
 

diff --git a/docs/docs-content/enterprise-version/air-gap-repo.md b/docs/docs-content/enterprise-version/air-gap-repo.md
@@ -223,11 +223,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-k8s-v3.3.15.bin
   ```
 
-  :::info
+:::tip
 
-   If you receive a certificate error, use the `-k` or `--insecure` flag.
-  
-  :::
+  If you receive a certificate error, use the `-k` or `--insecure` flag.
+
+:::
 
   Assign the proper permissions and start the download script.
 
@@ -268,11 +268,12 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-k8s-v3.3.15.bin
   ```
 
-  :::info
 
-   If you receive a certificate error, use the `-k` or `--insecure` flag.
-  
-  :::
+:::tip
+
+  If you receive a certificate error, use the `-k` or `--insecure` flag.
+
+:::
 
    Assign the proper permissions and start the download script.
 
@@ -311,11 +312,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-kubeadm.bin
   ```
 
-  :::info
+:::tip
 
-   If you receive a certificate error, use the `-k` or `--insecure` flag.
-  
-  :::
+  If you receive a certificate error, use the `-k` or `--insecure` flag.
+
+:::
 
    Assign the proper permissions and start the download script.
 
@@ -365,11 +366,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-ubuntu22-k3s.bin
   ```
 
-  :::info
+:::tip
 
-   If you receive a certificate error, use the `-k` or `--insecure` flag.
-  
-  :::
+  If you receive a certificate error, use the `-k` or `--insecure` flag.
+
+:::
 
  Assign the proper permissions and start the download script.
 
@@ -394,11 +395,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-ubuntu22-rke.bin
   ```
 
-  :::info
+:::tip
 
-   If you receive a certificate error, use the `-k` or `--insecure` flag.
-  
-  :::
+  If you receive a certificate error, use the `-k` or `--insecure` flag.
+
+:::
 
    Assign the proper permissions and start the download script.
 
@@ -421,11 +422,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-ubuntu22-kubeadm.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.
   
@@ -448,11 +449,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-ubuntu20-k3s.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.
   
@@ -475,11 +476,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-ubuntu20-rke.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.
   
@@ -503,11 +504,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-ubuntu20-kubeadm.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.
   
@@ -530,11 +531,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-opensuse-k3s.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.
   
@@ -557,11 +558,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-opensuse-rke.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.
   
@@ -584,11 +585,11 @@ If you have any questions or concerns, please feel free to contact support@spect
    --output airgap-edge-opensuse-kubeadm.bin
   ```
 
-  :::info
+:::tip
 
-  If you receive a certificate error, use the `-k` or `--insecure` flag.
+If you receive a certificate error, use the `-k` or `--insecure` flag.
 
-  :::
+:::
 
    Assign the proper permissions and start the download script.