From 28312144dc20b326db297387d6307e5a08606796 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Tue, 20 Aug 2024 16:52:18 -0400
Subject: [PATCH 1/2] adding STS policy s3:PutBucketPolicy to allow "rosa create oidc-config" to run in FedRAMP
---
 resources/sts/4.12/sts_installer_permission_policy.json | 3 ++-
 resources/sts/4.13/sts_installer_permission_policy.json | 3 ++-
 resources/sts/4.14/sts_installer_permission_policy.json | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/resources/sts/4.12/sts_installer_permission_policy.json b/resources/sts/4.12/sts_installer_permission_policy.json
index 613031cc10..abc3071933 100644
--- a/resources/sts/4.12/sts_installer_permission_policy.json
+++ b/resources/sts/4.12/sts_installer_permission_policy.json
@@ -189,7 +189,8 @@
 "ec2:DescribeVpcEndpointServices",
 "ec2:ModifyVpcEndpointServicePermissions",
 "kms:DescribeKey",
- "cloudwatch:GetMetricData"
+ "cloudwatch:GetMetricData",
+ "s3:PutBucketPolicy"
 ],
 "Resource": "*"
 },
diff --git a/resources/sts/4.13/sts_installer_permission_policy.json b/resources/sts/4.13/sts_installer_permission_policy.json
index d6b5f98d06..1a0ae78213 100644
--- a/resources/sts/4.13/sts_installer_permission_policy.json
+++ b/resources/sts/4.13/sts_installer_permission_policy.json
@@ -191,7 +191,8 @@
 "ec2:DescribeVpcEndpointServices",
 "ec2:ModifyVpcEndpointServicePermissions",
 "kms:DescribeKey",
- "cloudwatch:GetMetricData"
+ "cloudwatch:GetMetricData",
+ "s3:PutBucketPolicy"
 ],
 "Resource": "*"
 },
diff --git a/resources/sts/4.14/sts_installer_permission_policy.json b/resources/sts/4.14/sts_installer_permission_policy.json
index 11a2e40eec..b4ea30ee4b 100644
--- a/resources/sts/4.14/sts_installer_permission_policy.json
+++ b/resources/sts/4.14/sts_installer_permission_policy.json
@@ -190,7 +190,8 @@
 "ec2:DescribeVpcEndpointServices",
 "ec2:ModifyVpcEndpointServicePermissions",
 "kms:DescribeKey",
- "cloudwatch:GetMetricData"
+ "cloudwatch:GetMetricData",
+ "s3:PutBucketPolicy"
 ],
 "Resource": "*"
 },
From 35f6b89eff0926fb22ab087c21309b0d466a6811 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Tue, 20 Aug 2024 16:53:41 -0400
Subject: [PATCH 2/2] adding to 4.15 as well
---
 resources/sts/4.15/sts_installer_permission_policy.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/resources/sts/4.15/sts_installer_permission_policy.json b/resources/sts/4.15/sts_installer_permission_policy.json
index 11a2e40eec..b4ea30ee4b 100644
--- a/resources/sts/4.15/sts_installer_permission_policy.json
+++ b/resources/sts/4.15/sts_installer_permission_policy.json
@@ -190,7 +190,8 @@
 "ec2:DescribeVpcEndpointServices",
 "ec2:ModifyVpcEndpointServicePermissions",
 "kms:DescribeKey",
- "cloudwatch:GetMetricData"
+ "cloudwatch:GetMetricData",
+ "s3:PutBucketPolicy"
 ],
 "Resource": "*"
 },
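Review bot: `s3:PutBucketPolicy` is appended to an action list whose statement ends in `"Resource": "*"`, so the installer role could replace the bucket policy of any bucket in the account, not only the one `rosa create oidc-config` manages; this applies equally to the 4.12, 4.13, 4.14 and 4.15 hunks. A bucket policy decides who may read and write the bucket, so an unscoped grant is a wider privilege than the commit message calls for. Consider moving the action into its own statement with a scoped resource, e.g. `"Resource": "arn:<partition>:s3:::<oidc-bucket-name-pattern>"` (placeholders; the real bucket naming pattern is not visible in this patch). The statement begins outside each hunk, so any `Condition` it may already carry cannot be checked from here. Since JSON has no comments, the reason for the permission is best recorded in the commit description or the policy documentation.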