Cloud Experts Documentation

Extending ROSA STS to include authentication with AWS Services

Last edited
Published
Authors
Connor Wooley
Tags: ROSA

This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.

In this example we will deploy the Amazon Ingress Controller that uses ALBs, and configure it to use STS authentication.

Deployment

Configure STS

  1. Make sure your cluster has the pod identity webhook

  2. Download the IAM Policy for the AWS Load Balancer Hooks

  3. Create AWS Role with inline policy

  4. Create AWS Policy and Service Account

  5. Create service account

    Note I had issues with the policy, and for now just gave this user admin creds. Need to revisit and figure out.

  6. Create access key

  7. Attach policy to user

  8. Paste the AccessKeyId and SecretAccessKey into values.yaml

  9. tag your public subnet with ``

  10. Create a namespace for the controller

  1. Apply CRDs

  2. Add the helm repo and install the controller (install helm3external link (opens in new tab) if not already)

Deploy Sample Application

Back to top

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat