
How do you obtain the AWS Credentials once the OCP4 cluster is deployed? Where are they stored in the cluster?

The AWS credentials are used (among others) by the Machine Config Operator to manage the OpenShift nodes (workers and masters) within the cluster as MachineSets and Machines.

These credentials are stored in a Secret in the “openshift-cloud-credential-operator” namespace:

$ oc get secret -n openshift-cloud-credential-operator cloud-credential-operator-iam-ro-creds -o yaml
apiVersion: v1
data:
  aws_access_key_id: xxxx
  aws_secret_access_key: yyyy
kind: Secret
metadata:
  annotations:
    cloudcredential.openshift.io/aws-policy-last-applied: '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["iam:GetUser","iam:GetUserPolicy","iam:ListAccessKeys"],"Resource":"*"},{"Effect":"Allow","Action":["iam:GetUser"],"Resource":"arn:aws:iam::041887290372:user/ocp4-6m565-cloud-credential-operator-iam-ro-2j8m9"}]}'
    cloudcredential.openshift.io/credentials-request: openshift-cloud-credential-operator/cloud-credential-operator-iam-ro
  creationTimestamp: "2019-06-28T14:13:13Z"
  name: cloud-credential-operator-iam-ro-creds
  namespace: openshift-cloud-credential-operator
  resourceVersion: "5044"
  selfLink: /api/v1/namespaces/openshift-cloud-credential-operator/secrets/cloud-credential-operator-iam-ro-creds
  uid: ddb3651a-99ae-11e9-a986-02079fc11896
type: Opaque
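
The values under data: are base64-encoded, and the aws-policy-last-applied annotation records the IAM policy attached to those keys. The Python below is an added example, not part of the original post: it takes the Secret in the shape that `oc get secret ... -o json` returns, decodes and masks the key fields, and lists what the policy allows, picking out grants on a wildcard resource. The key values in the sample are constructed placeholders and the function names are illustrative.

```python
import base64
import json

POLICY_KEY = "cloudcredential.openshift.io/aws-policy-last-applied"

# Constructed sample shaped like `oc get secret ... -o json`. The key values are
# placeholders; the policy string is the annotation from the output above.
SAMPLE_SECRET = {
    "metadata": {"annotations": {POLICY_KEY: (
        '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":'
        '["iam:GetUser","iam:GetUserPolicy","iam:ListAccessKeys"],"Resource":"*"},'
        '{"Effect":"Allow","Action":["iam:GetUser"],"Resource":"arn:aws:iam::'
        '041887290372:user/ocp4-6m565-cloud-credential-operator-iam-ro-2j8m9"}]}'
    )}},
    "data": {"aws_access_key_id": base64.b64encode(b"AKIAEXAMPLEKEYID0000").decode(),
             "aws_secret_access_key": base64.b64encode(b"constructed-secret").decode()},
}


def as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def mask(value, keep=4):
    """Keep the first `keep` characters so the report is safe to share."""
    return value[:keep] + "*" * (len(value) - keep)


def summarize_secret(secret):
    """Decode the data fields and flatten the IAM policy into grant tuples."""
    decoded = {k: base64.b64decode(v).decode() for k, v in secret["data"].items()}
    policy = json.loads(secret["metadata"]["annotations"][POLICY_KEY])
    grants = [
        (stmt["Effect"], action, resource)
        for stmt in as_list(policy["Statement"])
        for action in as_list(stmt["Action"])
        for resource in as_list(stmt["Resource"])
    ]
    return {
        "access_key_id": mask(decoded["aws_access_key_id"]),
        "secret_access_key": mask(decoded["aws_secret_access_key"], keep=0),
        "grants": grants,
        "wildcard": [g for g in grants if g[0] == "Allow" and g[2] == "*"],
    }


if __name__ == "__main__":
    print(json.dumps(summarize_secret(SAMPLE_SECRET), indent=2))
```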

NOTE: Opinions expressed in this blog are my own and do not necessarily reflect those of the company I work for.

Happy OpenShifting!