ODM-12422 update docs

docs/home/clouds/aws.md

@@ -3,7 +3,8 @@
 ## Required types of resources
 
 - [AWS S3 Bucket](https://aws.amazon.com/s3/)
-- [AWS IAM](https://aws.amazon.com/iam/) user with bucket access above (programmatic access)
+- [AWS IAM](https://aws.amazon.com/iam/) user with bucket access above (programmatic access) [_up to ODM version 1.60_]
+- [AWS IAM](https://aws.amazon.com/iam/) role with bucket access above [_after ODM version 1.60_]
 - [AWS EKS](https://aws.amazon.com/eks/)
     - [AWS EBS](https://aws.amazon.com/ebs/)
     - [AWS ALB](https://aws.amazon.com/elasticloadbalancing/)
@@ -20,22 +21,28 @@
 
     - It is recommended to set up a lifecycle rule to clean up unfinished multipart uploads. Example of [AbortIncompleteMultipartUpload rule](#configuration-examples).
 
-2. Create IAM [user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html), [policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) (it will be listed below) and [attach](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) the policy to the user.
-
-    - [Programmatic access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) is required to work ODM with IAM user.
-
-    - You can find the recommended IAM policy here [IAM policy for S3 access](#configuration-examples).
-
-3. Create [VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html).
+2. Create [VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html).
 
     - Must have at least 2 private subnets [[link](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html)].
 
     - Each subnets must contain at least 100 free IP addresses [recommendation].
 
-4. Create [EKS](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html).
+3. Create [EKS](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html).
 
     - Deploy the addons you need.
 
+4. Create IAM [user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) [_up to ODM version 1.60_], [role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html) [_after ODM version 1.60_], [policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) (it will be listed below) and [attach](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) the policy to the user/role.
+
+    - [Programmatic access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) is required to work ODM with IAM user.
+
+    - You can find the recommended IAM policy here [IAM policy for S3 access](#configuration-examples).
+
+    - Choose between [EKS IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) and [EKS Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html) based on your requirements; however, we recommend using EKS Pod Identity.
+
+    - You can find the recommended `Trust Relationships` for EKS IRSA here [IRSA Trust Relationships](#configuration-examples).
+
+    - You can find the recommended `Trust Relationships` for EKS Pod Identity here [Pod Identity Trust Relationships](#configuration-examples).
+
 5. Create Route53 [hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html).
 
     - You can use private or public zone.
@@ -177,6 +184,49 @@
 ```
 </details>
 
+<details><summary>IRSA Trust Relationships</summary>
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::AWS_ACCOUNT_ID:oidc-provider/oidc.eks.AWS_REGION.amazonaws.com/id/AWS_EKS_OIDC_ID"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringLike": {
+                    "oidc.eks.AWS_REGION.amazonaws.com/id/AWS_EKS_OIDC_ID:sub": "system:serviceaccount:odm:odm",
+                    "oidc.eks.AWS_REGION.amazonaws.com/id/AWS_EKS_OIDC_ID:aud": "sts.amazonaws.com"
+                }
+            }
+        }
+    ]
+}
+```
+</details>
+
+<details><summary>Pod Identity Trust Relationships</summary>
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "pods.eks.amazonaws.com"
+            },
+            "Action": [
+                "sts:TagSession",
+                "sts:AssumeRole"
+            ]
+        }
+    ]
+}
+```
+</details>
+
 <details><summary>GP3 StorageClass example</summary>
 ```yaml
 apiVersion: storage.k8s.io/v1

docs/home/release-notes/v1.50-v1.59.md

@@ -1,24 +1,5 @@
 # Release notes
 
-## Version 1.60
-
-!!! tip ""
-Helm chart version 1.60.x
-
-### Rclone Migration
-
-The following ODM component called `funcFile` was replaced with `rclone`.
-
-As a result of this migration, the configuration of storages was moved from `funcFile` to `application.yaml` files in `core`, `applications`, and `funcJob`.
-You can find configuration examples in the "examples" directory within the Helm chart.
-Note that the configuration section `genestack.rclone` in all three of these services should be identical. For this purpose, we recommend using YAML anchors, which are also included in the examples.
-
-## SAML elimitaion
-
-Support of SAML was eliminated.
-
-### Helm configuration changes
-
 ## Version 1.59
 
 !!! tip ""

docs/home/release-notes/v1.60-v1.69.md

@@ -0,0 +1,44 @@
+# Release notes
+
+## Version 1.60
+
+!!! tip ""
+    Helm chart version 1.60.x
+
+### Rclone Migration
+
+The following ODM component called `funcFile` was replaced with `rclone`.
+
+As a result of this migration, the configuration of storages was moved from `funcFile` to `application.yaml` files in `core`, `applications`, and `funcJob`.
+You can find configuration examples in the "examples" directory within the Helm chart.
+Note that the configuration section `genestack.rclone` in all three of these services should be identical. For this purpose, we recommend using YAML anchors, which are also included in the examples.
+
+Also, Rclone allows to use the AWS IAM role instead of the AWS IAM user. If this is relevant fo your environment, then information on deployment can be found [here](./../clouds/aws.md) in paragraph 4.
+
+### SAML elimitaion
+
+Support of SAML was eliminated.
+
+### Helm configuration changes
+
+- The `credentials` section has been removed, please use the `rclone` configuration instead.
+
+    ```yaml
+    credentials:
+      awsS3Region:
+      awsS3AccessKey:
+      awsS3SecretAccessKey:
+    ```
+
+- All configuration related to `SAML` has been removed.
+
+- The `region` parameter has been removed from the `applications` configuration.
+
+    ```yaml
+    applications:
+      files:
+        "/var/lib/genestack/properties/application.yaml":
+          frontend:
+            aws:
+              region:
+    ```

mkdocs.yml

@@ -29,7 +29,8 @@ nav:
             - Azure SCIM: home/troubleshooting/azure-scim.md
             - Sanity check: home/troubleshooting/sanity-check.md
         - Release Notes:
-              - v1.50 - v1.59: home/release-notes/v1.50-v1.59.md
+            - v1.60 - v1.69: home/release-notes/v1.60-v1.69.md
+            - v1.50 - v1.59: home/release-notes/v1.50-v1.59.md
 theme:
     name: material
     palette: