<TENANT_SVC_ACCOUNT> O Tenant Service Account enviado pela IBM por um representante.
Se o seu tenant for no formato xxxxxx.customer.turbonomic.ibmappdomain.cloud
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::<YOUR_AWS_ACCOUNT_NUMBER>:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/22ejnvnnturfmt6km08idd0nt4hekbn7"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"rh-oidc.s3.us-east-1.amazonaws.com/22ejnvnnturfmt6km08idd0nt4hekbn7:sub":"system:serviceaccount:<TENANT_ID>:<TENANT_SVC_ACCOUNT>"
}
}
}
]
}
Se o seu tenant for no formato xxxxxx.apptio.turbonomic.ibmappdomain.cloud
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::<YOUR_AWS_ACCOUNT_NUMBER>:oidc.op1.openshiftapps.com/2c51blsaqa9gkjt0o9rt11mle8mmropu"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.op1.openshiftapps.com/2c51blsaqa9gkjt0o9rt11mle8mmropu:sub": "system:serviceaccount:<TENANT_ID>:<TENANT_SVC_ACCOUNT>"
}
}
}
]
}