Skip to content

SPLAT-2746: Add SetSecurityGroups permission to OCP documentation#111222

Draft
mfbonfigli wants to merge 1 commit intoopenshift:mainfrom
mfbonfigli:SPLAT-2746_update-ocp-docs-with-setsecuritygroups
Draft

SPLAT-2746: Add SetSecurityGroups permission to OCP documentation#111222
mfbonfigli wants to merge 1 commit intoopenshift:mainfrom
mfbonfigli:SPLAT-2746_update-ocp-docs-with-setsecuritygroups

Conversation

@mfbonfigli
Copy link
Copy Markdown

@mfbonfigli mfbonfigli commented May 5, 2026

As part of OCPSTRAT-1553 and SPLAT-2452 the Bring Your Own Security Groups feature for AWS Network Load Balancer is being developed.

The feature requires a new IAM Permission, the elasticloadbalancing:SetSecurityGroups needed to allow AWS CCM to be able to update Security Groups on an AWS Network Load Balancer after the NLB was created. PR have been opened to add this permission where relevant in OCP Installer, ROSA Managed Policy and Hypershift.

The PR here updates the OCP Documentation to mention the need for the new IAM permission permission for the BYO Security Group feature.

Version(s): 5.0+

Issue: https://redhat.atlassian.net/browse/SPLAT-2746

Link to docs preview:

QE review:

  • QE has approved this change.

Additional information:

References

@mfbonfigli
Add SetSecurityGroups permission to documentation
cfc70f3 
Adds the elasticloadbalancing:SetSecurityGroup permission to
the OCP Docs, required for the correct functioning of the BYO
Security Group on AWS Network Load Balancer feature.
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 5, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 5, 2026
edited by openshift-ci Bot
Loading

@mfbonfigli: This pull request references SPLAT-2746 which is a valid jira issue.

Details

In response to this:

As part of OCPSTRAT-1553 and SPLAT-2452 the Bring Your Own Security Groups feature for AWS Network Load Balancer is being developed.

The feature requires a new IAM Permission, the elasticloadbalancing:SetSecurityGroups needed to allow AWS CCM to be able to update Security Groups on an AWS Network Load Balancer after the NLB was created. PR have been opened to add this permission where relevant in OCP Installer, ROSA Managed Policy and Hypershift.

The PR here updates the OCP Documentation to mention the need for the new IAM permission permission for the BYO Security Group feature.

Version(s): 5.0+

Issue: https://redhat.atlassian.net/browse/SPLAT-2746

Link to docs preview:

QE review:

  • QE has approved this change.

Additional information:

References

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 5, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 5, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci Bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 5, 2026
@mfbonfigli
Copy link
Copy Markdown
Author

mfbonfigli commented May 5, 2026

/test all

@ocpdocs-previewbot
Copy link
Copy Markdown

ocpdocs-previewbot commented May 5, 2026

🤖 Tue May 05 13:43:19 - Prow CI generated the docs preview:

https://111222--ocpdocs-pr.netlify.app/openshift-enterprise/latest/hosted_control_planes/hcp-manage/hcp-manage-aws.html
https://111222--ocpdocs-pr.netlify.app/openshift-enterprise/latest/installing/installing_aws/installing-aws-account.html

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 5, 2026

@mfbonfigli: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/validate-asciidoc cfc70f3 link true /test validate-asciidoc

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mfbonfigli @openshift-ci-robot @ocpdocs-previewbot