Integrating ROSA Applications with AWS Services (CS221)

Integrate applications on ROSA with AWS services while keeping a good security posture.
Course Description


Integrate applications deployed on ROSA with AWS services in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services instead of exposing those credentials to application developers.


Note: This course is a “bring your own cloud” (and device) course. Red Hat Training does not provide a hands-on lab environment for this course. All associated AWS costs with any of the content must be paid through the student’s AWS account.


Course Content Summary


Integrate with external container registries such as ECR and Quay.io to deploy applications from private image repositories


Configure storage classes to enable application access to different EBS volume types


Configure storage classes and security contexts to enable application access to shared EFS storage volumes


Configure pod identity using STS/IRSA to enable application access to AWS services such as database (Aurora), integration (SQS), and object storage (S3)


Provision AWS services for applications using the AWS Controllers for Kubernetes (ACK)


Federate and query application metrics (application workload monitoring) with Amazon Managed Prometheus Service


Aggregate and query structured application logs with Amazon CloudWatch


Configure custom domains and TLS certificates for secure public access to applications Impact on the Organization


Red Hat OpenShift Service on AWS (ROSA) is a turnkey application platform that provides a managed Red Hat OpenShift service that runs natively on Amazon Web Services (AWS) to enable organizations to increase operational efficiency, refocus on innovation, and quickly build, deploy, and scale applications. Red Hat OpenShift is the hybrid cloud platform that brings operational consistency to on-premise and different cloud environments.


Organizations adopting ROSA are typically existing AWS customers with skills on using AWS services for a variety of business scenarios and need to integrate managed OpenShift clusters with their pre-existing AWS environments. These organizations are usually very security-conscious and require strong access controls and network security for all of their AWS services, including their ROSA clusters.


Impact on the Individual


After completing CS221, students can integrate applications deployed on a private ROSA cluster in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services, instead of exposing those credentials to application developers.