From c43dd888fa170aa015bb227536f94b78f32e3448 Mon Sep 17 00:00:00 2001
From: Jeana Routh
Date: Fri, 25 Aug 2023 13:25:09 -0400
Subject: [PATCH] OLM-managed Operators can use AWS STS (CCO docs)
---
 .../cco-short-term-creds.adoc | 9 +++++++++
 modules/cco-short-term-creds-aws-olm.adoc | 9 +++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 modules/cco-short-term-creds-aws-olm.adoc
diff --git a/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc b/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
index 83ada5720105..8044866c6932 100644
--- a/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+++ b/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
@@ -50,6 +50,15 @@ include::modules/cco-short-term-creds-format-aws.adoc[leveloffset=+2]
 //AWS component secret permissions requirements
 include::modules/cco-short-term-creds-component-permissions-aws.adoc[leveloffset=+2]
+//OLM-managed Operator support for authentication with AWS STS
+include::modules/cco-short-term-creds-aws-olm.adoc[leveloffset=+2]
+
+////
+[role="_additional-resources"]
+.Additional resources
+* xr\ef:../../operators/operator_sdk/osdk-token-auth.html#osdk-aws-sts_osdk-token-auth[CCO-based workflow for OLM-managed Operators with AWS STS]
+////
+
 [id="cco-short-term-creds-gcp_{context}"]
 == GCP Workload Identity
diff --git a/modules/cco-short-term-creds-aws-olm.adoc b/modules/cco-short-term-creds-aws-olm.adoc
new file mode 100644
index 000000000000..309f94170d18
--- /dev/null
+++ b/modules/cco-short-term-creds-aws-olm.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_content-type: CONCEPT
+[id="cco-short-term-creds-aws-olm_{context}"]
+= OLM-managed Operator support for authentication with AWS STS
+
+In addition to {product-title} cluster components, some Operators managed by the Operator Lifecycle Manager (OLM) on AWS clusters can use manual mode with STS. These Operators authenticate with limited-privilege, short-term credentials that are managed outside the cluster. To determine if an Operator supports authentication with AWS STS, see the Operator description in OperatorHub.