Commit 187ec7f

committed
peer review edits
1 parent 3ed305d commit 187ec7f

1 file changed

+5
-5
lines changed


cloud_experts_tutorials/cloud-experts-rosa-sts-explained.adoc

Lines changed: 5 additions & 5 deletions
@@ -27,7 +27,7 @@ This tutorial will:
2727
== Different credential methods to deploy ROSA
2828
As part of ROSA, Red Hat manages infrastructure resources in your AWS account and must be granted the necessary permissions. There are currently two supported methods for granting those permissions:
2929

30-
* Using static IAM user credentials with an AdministratorAccess policy
30+
* Using static IAM user credentials with an `AdministratorAccess` policy
3131
+
3232
This is referred to as "ROSA with IAM Users" in this tutorial. It is not the preferred credential method.
3333
+
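Review bot: the quote style in this block is mixed and worth normalizing while it is being touched: line 32 writes "ROSA with IAM Users" with straight quotes, but the context line 37 writes “ROSA with STS” with curly quotes. The backticks added around `AdministratorAccess` on line 30 are consistent with the same change in the next hunk; since line 32 already states that IAM users are not the preferred method, one short clause on why (a static `AdministratorAccess` user is a long-lived, broadly scoped credential, which is the contrast the STS section later draws with short-term, least-privilege credentials) would make the recommendation self-explanatory here.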
@@ -37,7 +37,7 @@ This is referred to as “ROSA with STS” in this tutorial. It is the preferred
3737

3838
[id="different-credential-methods-rosa-iam-users"]
3939
=== Rosa with IAM Users
40-
When ROSA was first released, the only credential method was ROSA with IAM Users. This method grants IAM users with an AdministratorAccess policy full access to create the necessary resources in the AWS account that uses ROSA. The cluster can then create and expand its credentials as needed.
40+
When ROSA was first released, the only credential method was ROSA with IAM Users. This method grants IAM users with an `AdministratorAccess` policy full access to create the necessary resources in the AWS account that uses ROSA. The cluster can then create and expand its credentials as needed.
4141

4242
[id="different-credential-methods-rosa-sts"]
4343
=== ROSA with STS
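Review bot: line 40 is ambiguous as written: "grants IAM users with an `AdministratorAccess` policy full access" can be read as granting users a policy or as granting full access; suggest "grants full access to IAM users that have the `AdministratorAccess` policy attached, so they can create the necessary resources". Also, the heading on context line 39 reads "=== Rosa with IAM Users" while the file otherwise capitalizes "ROSA" (compare line 43, "=== ROSA with STS"); fix the capitalization in this same pass.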
@@ -55,7 +55,7 @@ Several crucial components make ROSA with STS more secure than ROSA with IAM Use
5555
== AWS STS explained
5656
ROSA uses AWS STS to grant least-privilege permissions with short-term security credentials to specific and segregated IAM roles. The credentials are associated with IAM roles specific to each component and cluster that makes AWS API calls. This method better aligns with principles of least-privilege and secure practices in cloud service resource management. The ROSA command-line interface (CLI) tool manages the STS roles and policies that are assigned for unique tasks and takes action upon AWS resources as part of OpenShift functionality.
5757

58-
STS roles and policies must be created for each ROSA cluster. To make this easier, the installation tools provide all the commands and files needed to create the roles as policies as well as an option to allow the CLI to automatically create the roles and policies. See xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations] for more information about the different `--mode` options.
58+
STS roles and policies must be created for each ROSA cluster. To make this easier, the installation tools provide all the commands and files needed to create the roles as policies and an option to allow the CLI to automatically create the roles and policies. See xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations] for more information about the different `--mode` options.
5959

6060
[id="components-specific-to-rosa-with-sts"]
6161
== Components specific to ROSA with STS
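Review bot: the change on line 58 leaves the actual typo in place. "create the roles as policies" should read "create the roles and policies" (the same sentence later says "automatically create the roles and policies"); replacing "as well as" with "and" only made the phrase shorter. Suggested wording: "the installation tools provide all the commands and files needed to create the roles and policies, and an option to let the CLI create them automatically."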
@@ -117,7 +117,7 @@ You are not expected to create the resources listed in the below steps from scra
117117
The roles and policies can be created automatically by the ROSA CLI, or they can be manually created by utilizing the `--mode manual` or `--mode auto` flags in the ROSA CLI. For further details about deployment, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.html#rosa-sts-creating-cluster-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster with customizations] or the link:https://www.rosaworkshop.io/rosa/2-deploy/[Deploying the cluster tutorial].
118118

119119
[id="sts-process"]
120-
== ROSA with STS work flow
120+
== ROSA with STS workflow
121121
The user creates the required account-wide roles and account-wide policies. For more information, see the xref:../cloud_experts_tutorials/cloud-experts-rosa-sts-explained.adoc#components-specific-to-rosa-with-sts[components section] in this tutorial. During role creation, a trust policy, known as a cross-account trust policy, is created which allows a Red Hat-owned role to assume the roles. Trust policies are also created for the EC2 service, which allows workloads on EC2 instances to assume roles and obtain credentials. The user can then assign a corresponding permissions policy to each role.
122122

123123
After the account-wide roles and policies are created, the user can create a cluster. Once cluster creation is initiated, the Operator roles are created so that cluster Operators can make AWS API calls. These roles are then assigned to the corresponding permission policies that were created earlier and a trust policy with an OIDC provider. The Operator roles differ from the account-wide roles in that they ultimately represent the pods that need access to AWS resources. Because a user cannot attach IAM roles to pods, they must create a trust policy with an OIDC provider so that the Operator, and therefore the pods, can access the roles they need.
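Review bot: context line 117 contradicts itself and deserves a fix in this review pass: "they can be manually created by utilizing the `--mode manual` or `--mode auto` flags" pairs manual creation with `--mode auto`. Suggest: "The roles and policies can be created automatically by the ROSA CLI with `--mode auto`, or manually with `--mode manual`." Separately, the xref on line 117 targets `...customizations.html#...` while line 58 in the previous hunk links the same document as `...customizations.adoc#...`; use one form so both links resolve the same way.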
@@ -130,7 +130,7 @@ When a new role is needed, the workload currently using the Red Hat role will as
130130

131131
image::cloud-experts-sts-explained_highlevel.png[]
132132

133-
The entire work flow is depicted in the following graphic:
133+
The entire workflow is depicted in the following graphic:
134134

135135
image::cloud-experts-sts-explained_creation_flow.png[]
136136

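Review bot: the "work flow" to "workflow" fix on line 133 matches the heading change in the previous hunk, so the term is now consistent. While here, both image macros on context lines 131 and 135 have empty attribute lists (`image::cloud-experts-sts-explained_highlevel.png[]`), so the graphics render without alt text; add a short description, for example `image::cloud-experts-sts-explained_creation_flow.png["ROSA with STS creation workflow"]`.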