Skip to content

feat(iac): add CloudFormation IAM template for ROSA/OpenShift #3732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nogueiraanderson wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(iac): add CloudFormation IAM template for ROSA/OpenShift #3732

nogueiraanderson wants to merge 1 commit into from

Conversation

@nogueiraanderson
Copy link
Contributor

@nogueiraanderson nogueiraanderson commented Dec 18, 2025

Summary

Add IAM user and policy CloudFormation template for OpenShift/ROSA cluster management.

What's included

  • IAM user with comprehensive permissions for cluster management
  • S3 bucket for cluster state storage
  • CloudWatch log group for notifications

Usage

aws cloudformation create-stack \
  --template-body file://IaC/PerconaOpenShiftIAM.yml \
  --capabilities CAPABILITY_NAMED_IAM \
  --stack-name percona-openshift-iam \
  --region us-east-2

One-time setup

This is infrastructure setup - only needs to be deployed once per AWS account.

@nogueiraanderson
feat(iac): add CloudFormation IAM template for ROSA/OpenShift
df01ca7 
Add IAM user and policy for OpenShift/ROSA cluster management with:
- EC2, ELB, Auto Scaling permissions for cluster infrastructure
- IAM permissions for service accounts and OIDC providers
- Route53 for DNS management
- S3 bucket for cluster state storage
- CloudWatch for monitoring
- KMS for encryption

One-time setup - deploy with:
aws cloudformation create-stack \
  --template-body file://IaC/PerconaOpenShiftIAM.yml \
  --capabilities CAPABILITY_NAMED_IAM \
  --stack-name percona-openshift-iam
@nogueiraanderson nogueiraanderson requested a review from a team as a code owner December 18, 2025 19:42
nogueiraanderson added a commit that referenced this pull request Dec 18, 2025
@nogueiraanderson
refactor(rosa): simplify PR to essential files only
727da58 
Remove redundant files:
- IaC/PerconaOpenShiftIAM.yml (moved to separate PR #3732)
- pmm/openshift/rosa_cluster_*.groovy (duplicates main pipeline)
- pmm/v3/vars/pmmHaRosa.groovy (thin wrapper, merged into main)

Update pmm3-ha-rosa.groovy to use openshiftRosa directly.

Final PR contains only 3 files:
- pmm/v3/pmm3-ha-rosa.groovy (deploy PMM HA)
- pmm/v3/pmm3-ha-rosa-cleanup.groovy (cleanup clusters)
- pmm/v3/vars/openshiftRosa.groovy (ROSA operations library)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nogueiraanderson