docs: update README and IAM documentations (#11)

Co-authored-by: William Garcia <willgrod@amazon.com>

Readme.md

@@ -1,24 +1,23 @@
 # ECR Secret Operator
 
-Amazon Elastic Container Registry [Private Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) provides a temporary token that is valid only for 12 hours. It is a challenge for automatic container image build process to refresh the token or secret in a timely manner.
-
-This operators frequently talks with AWS ECR GetAuthroization Token and create/update the secret, so that the service account can perform docker image build.
+Amazon Elastic Container Registry [Private Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) provides a temporary authorization token valid only for 12 hours. This operator refreshes automatically the Amazon ECR authorization token before it expires, reducing the overhead in managing the authentication flow during the container image build process.
 
+This operator uses Amazon ECR [`GetAuthorizationToken`](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_GetAuthorizationToken.html) API to create or update the secret, linked to an OpenShift service account that can transparently perform container image builds.
 
 ## How to use this operator
 
 ### Prerequisites
 
-* [Create an ECR private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html)
-* Create An Openshift Cluster
-* Provide AWS Authentication to the operator. Two Options:
-  * [IAM User](./docs/iam_user.md)
-  * [STS Assume Role](./docs/iam_assume_role.md)
-* Install [Operator SDK CLI](https://sdk.operatorframework.io/docs/installation/)
+* [Create an Amazon ECR private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html)
+* Create An OpenShift Cluster
+* Configure AWS authentication method. Two options:
+  * [AWS IAM User](./docs/iam_user.md)
+  * [AWS STS AssumeRole](./docs/iam_assume_role.md)
+* Install the [Operator SDK CLI](https://sdk.operatorframework.io/docs/installation/)
 
 ### Install the operator
 
-```
+```bash
 oc new-project ecr-secret-operator
 operator-sdk run bundle quay.io/mobb/ecr-secret-operator-bundle:v0.3.2
 ```
@@ -27,7 +26,7 @@ operator-sdk run bundle quay.io/mobb/ecr-secret-operator-bundle:v0.3.2
 
 ### Create the ECR Secret CRD
 
-```
+```yaml
 apiVersion: ecr.mobb.redhat.com/v1alpha1
 kind: Secret
 metadata:
@@ -40,37 +39,35 @@ spec:
   region: us-east-2
 ```
 
-```
+```bash
 oc create -f samples/ecr_v1alpha1_secret.yaml
 ```
 
-A docker registry secret is created by the operator momentally and the token is patched every 10 hours
+A Docker registry secret is created by the operator temporarily and the token is patched every 10 hours
 
-```
+```bash
 oc get secret ecr-docker-secret   
 NAME                TYPE                             DATA   AGE
 ecr-docker-secret   kubernetes.io/dockerconfigjson   1      16h
 ```
 
 ### A sample build process with generated secret
 
-
 Link the secret to builder
 
-```
+```bash
 oc secrets link builder ecr-docker-secret 
 ```
 
-Configure [build config](./samples/build-config.yaml) to point to your ECR Container repository
+Configure [build config](./samples/build-config.yaml) to point to your Amazon ECR Container repository
 
-```
+```bash
 oc create imagestream ruby
 oc tag openshift/ruby:2.5-ubi8 ruby:2.5
 oc create -f samples/build-config.yaml
 oc start-build ruby-sample-build --wait
 ```
 
-Build should succeed and push the image to the the private ECR Container repository
+The build should succeed and push the image to the the private Amazon ECR Container repository
 
 ![Success Build](./docs/images/build.png)
-

docs/iam_assume_role.md

@@ -1,16 +1,16 @@
-## Create STS Assume Role
+## Create the STS Assume Role
 
 [About AWS STS and Assume Role](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
 
-**Notes: These are sample commands. Please fill in your own resource parameters E.g.ARN**
+**Notes: These are sample commands. Please fill in your own resource parameters E.g. ARN**
 
-* Prequisites
+* Prerequisites
 
-  [An STS Openshift Cluster](https://docs.openshift.com/container-platform/4.10/authentication/managing_cloud_provider_credentials/cco-mode-sts.html)
+  [An STS OpenShift Cluster](https://docs.openshift.com/container-platform/4.10/authentication/managing_cloud_provider_credentials/cco-mode-sts.html)
 
-* Create the policy
+* Create the IAM policy
 
-```
+```bash
 cat <<EOF > /tmp/iam_policy.json
 {
     "Version": "2012-10-17",
@@ -32,9 +32,9 @@ aws iam create-policy \
 
 ```
 
-* Create the role and attach the policy
+* Create the IAM role and attach the IAM policy
 
-```
+```bash
 cat <<EOF > /tmp/trust_policy.json
 {
     "Version": "2012-10-17",
@@ -59,9 +59,9 @@ aws iam create-role --role-name ECRLogin --assume-role-policy-document file:///t
 aws iam attach-role-policy --role-name ECRLogin --policy-arn arn:aws:iam::[ACCOUNT_ID]:policy/ECRLoginPolicy
 ```
 
-* Create the repository policy
+* Create the repository IAM policy
 
-```
+```bash
 cat <<EOF > /tmp/repo_policy.json
 {
     "Version": "2012-10-17",
@@ -91,9 +91,9 @@ EOF
 aws ecr set-repository-policy --repository-name test --policy-text file:///tmp/repo_policy.json
 ```
 
-* Create STS kubernetes Secret
+* Create STS Kubernetes Secret
 
-```
+```bash
 cat <<EOF > /tmp/credentials
 [default]
 role_arn = arn:aws:iam::[ACCOUNT_ID]:role/ECRLogin
@@ -102,4 +102,4 @@ EOF
 
 
 oc create secret generic aws-ecr-cloud-credentials --from-file=credentials=/tmp/credentials
-```
+```

docs/iam_user.md

@@ -1,10 +1,10 @@
 ## Create IAM user and Policy
 
-**Notes: These are sample commands. Please fill in your own resource parameters E.g.ARN**
+**Notes: These are sample commands. Please fill in your own resource parameters E.g. ARN**
 
-* Create the policy
+* Create the IAM policy
 
-```
+```bash
 cat <<EOF > /tmp/iam_policy.json
 {
     "Version": "2012-10-17",
@@ -22,22 +22,21 @@ EOF
 aws iam create-policy \
     --policy-name ECRLoginPolicy \
     --policy-document file:///tmp/iam_policy.json
-```    
+```
 
-* Create a user and access key and attach the policy
+* Create an IAM user and access key, then attach it to the IAM policy
 
-```
+```bash
 aws iam create-user --user-name ecr-bot
 aws create-access-key --user-name ecr-bot
 aws iam attach-user-policy --policy-arn arn:aws:iam::[ACCOUNT_ID]:policy/ECRLoginPolicy --user-name ecr-bot
 ```
 
 **Notes: Save access key id and key for later usage**
 
+* Set up a specific Amazon ECR repository access
 
-* Set up a specific ECR repository access
-
-```
+```bash
 cat <<EOF > /tmp/repo_policy.json
 {
     "Version": "2012-10-17",
@@ -67,9 +66,9 @@ EOF
 aws ecr set-repository-policy --repository-name test --policy-text file:///tmp/repo_policy.json
 ```
 
-* Create kubernetes Secret with iam user
+* Create a Kubernetes Secret with IAM user
 
-```
+```bash
 cat <<EOF > /tmp/credentials
 [default]
 aws_access_key_id=""
@@ -78,4 +77,4 @@ EOF
 
 
 oc create secret generic aws-ecr-cloud-credentials --from-file=credentials=/tmp/credentials
-```
+```