github.com/openshift/installer@v1.4.17/docs/dev/aws/iam_permissions.md

## IAM Instance Role Permissions

Historically, the installer has created a set of IAM instance permissions.
This list was not managed by the cluster, was not updated for any new use cases, and can be considered permissive because
it used wildcards and automatically inherited new capabilities as AWS added them.

Installations of OpenShift will now receive a tightened set of permissions matching the current in-tree provider.
The new set of permissions is backwards compatible with all versions of OpenShift.
Additional AWS cloud capabilities and IAM permissions will not be enabled or added until IAM instance role permissions
come under management of an operator or can be eliminated entirely by the use of discrete pod identity directly
assigned to running services within OpenShift.
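
As an added illustration (not part of the installer's documentation or code), the following Python example shows why a wildcard grant picks up new AWS actions without any policy change, while an enumerated list does not. The two policies, the action catalogs and `ec2:HypotheticalNewAction` are constructed for the example; real IAM evaluation also involves Deny, Resource and Condition, which are ignored here.

```python
import fnmatch

# Constructed sample policies for illustration; NOT the installer's real policies.
PERMISSIVE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["elasticloadbalancing:*"], "Resource": "*"},
]}
TIGHTENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeInstances", "ec2:AttachVolume", "ec2:DetachVolume",
        "elasticloadbalancing:DescribeLoadBalancers"]},
]}

def _listify(value):
    """IAM accepts a single string/object wherever a list is valid."""
    return value if isinstance(value, list) else [value]

def allow_statements(policy):
    return [s for s in _listify(policy["Statement"]) if s.get("Effect") == "Allow"]

def wildcard_findings(policy):
    """Allow-side action patterns whose reach can grow without a policy edit."""
    findings = []
    for stmt in allow_statements(policy):
        if "NotAction" in stmt:  # Allow + NotAction grants everything except the list
            findings.append("NotAction:" + ",".join(_listify(stmt["NotAction"])))
        for pattern in _listify(stmt.get("Action", [])):
            if "*" in pattern or "?" in pattern:
                findings.append(pattern)
    return findings

def granted(policy, catalog):
    """Actions in `catalog` matched by Allow/Action patterns (case-insensitive).
    Simplification: ignores Deny, NotAction, Resource and Condition."""
    patterns = [p.lower() for s in allow_statements(policy)
                for p in _listify(s.get("Action", []))]
    return {a for a in catalog
            if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)}

def drift(policy, catalog_before, catalog_after):
    """Actions the policy gains purely because the service catalog grew."""
    return granted(policy, catalog_after) - granted(policy, catalog_before)

# Constructed catalogs; "ec2:HypotheticalNewAction" is a made-up future action.
TODAY = {"ec2:DescribeInstances", "ec2:AttachVolume", "ec2:DetachVolume",
         "ec2:TerminateInstances", "elasticloadbalancing:DescribeLoadBalancers"}
LATER = TODAY | {"ec2:HypotheticalNewAction"}

if __name__ == "__main__":
    for name, pol in (("permissive", PERMISSIVE), ("tightened", TIGHTENED)):
        print(name, wildcard_findings(pol), sorted(drift(pol, TODAY, LATER)))
```

A non-empty `drift` result for an unchanged policy is the "automatically inheriting new capabilities" behaviour described above; the enumerated policy reports none.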

For all other uses/needs of IAM credentials, please see the [cloud-credential-operator][cco].

[cco]: https://github.com/openshift/cloud-credential-operator