Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 1. Getting started with Red Hat OpenShift Service on AWS in AWS GovCloud
This service is for use by federal and government agencies, or by commercial organizations and Federal Information Security Modernization Act (FISMA) research and development universities supporting a government contract or in the process of bidding on a government contract such as a request for proposal (RFP) or request for information (RFI) pre-bid stage.
Red Hat OpenShift Service on AWS in AWS GovCloud carries the following requirements:
- Red Hat OpenShift Service on AWS in AWS GovCloud can only be deployed into an existing VPC. See Create Amazon VPC architecture for the AWS PrivateLink use case for instructions on setting up a VPC.
- Red Hat OpenShift Service on AWS in AWS GovCloud only supports the use of the AWS STS credentials method.
- Red Hat OpenShift Service on AWS in AWS GovCloud only uses Federal Information Processing Standards (FIPS) validated modules in process cryptographic libraries.
Red Hat OpenShift Service on AWS in AWS GovCloud requires a separate Red Hat account for use with FedRAMP, even if you already have an existing Red Hat account for Red Hat OpenShift Service on AWS clusters in commercial regions.
- Each person who needs to be able to create, modify, or delete clusters must have their own Red Hat FedRAMP account.
- Access to an existing cluster, to use that cluster, does not require a Red Hat FedRAMP account.
- You can use your Red Hat FedRAMP account to deploy to multiple AWS GovCloud accounts.
1.1. Signing up for a Red Hat FedRAMP account
To access Red Hat OpenShift Service on AWS in AWS GovCloud, you must sign up for a Red Hat FedRAMP account.
Procedure
- Navigate to the ROSA GovCloud access request form.
- Complete the access request form.
Click Submit to sign up. You receive a Submission confirmation.
Red Hat’s confirmed stateside support team contacts you through email for the following information:
- Admin details to include your organization name, administrator first and surname and administrator email.
User authentication option to the FedRAMP Hybrid Cloud Console from one of the following two options:
Local group in a Red Hat managed Keycloak instance, where users will be required to setup multifactor authentication (MFA) with an approved device.
NoteOnly device YubiKEY 5C NFC FIPS currently accepted.
Customer managed Identity Provider (IdP), integrated via OpenID Connect (OIDC), where you will need to provide the following:
- Discovery Endpoint: The IdP’s OIDC discovery URL (typically ending in /.well-known/openid-configuration). This allows Keycloak to automatically fetch most of the IdP’s settings.
- Client ID and secret: Credentials that allow Keycloak to authenticate with the customer’s IdP.
- Email domain(s): A list of approved email domains. Only users with an email address from one of these domains will be allowed to log in.
- Essential claim: A specific key-value pair (e.g., "rh-approved": "true") that must be present in a user’s token from the IdP to grant them access. In this configuration, the customer takes on the responsibility for implementing FIPS 140-2 validated MFA.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}