updated graphics

Author: jneczypor

cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-rosa-sts-explained.adoc

@@ -9,9 +9,6 @@ toc::[]
 //rosaworkshop.io content metadata
 //Brought into ROSA product docs 2023-10-26
 
-[id="tutorial-overview"]
-== Tutorial overview
-
 This tutorial outlines the two options for allowing {product-title} (ROSA) to interact with resources in a user's Amazon Web Service (AWS) account. It details the components and processes that ROSA with Security Token Service (STS) uses to obtain the necessary credentials. It also reviews why ROSA with STS is the more secure, preferred method. 
 
 This tutorial will:
@@ -132,7 +129,7 @@ image::cloud-experts-sts-explained_highlevel.png[]
 
 The entire workflow is depicted in the following graphic:
 
-image::cloud-experts-sts-explained_creation_flow.png[]
+image::cloud-experts-sts-explained_entire_flow.png[]
 
 Operators use the following process to obtain the requisite credentials to perform their tasks. Each Operator is assigned an Operator role, a permissions policy, and a trust policy with an OIDC provider. The Operator will assume the role by passing a JSON web token that contains the role and a token file (`web_identity_token_file`) to the OIDC provider, which then authenticates the signed key with a public key. The public key is created during cluster creation and stored in an S3 bucket. The Operator then confirms that the subject in the signed token file matches the role in the role trust policy which ensures that the OIDC provider can only obtain the allowed role. The OIDC provider then returns the temporary credentials to the Operator so that the Operator can make AWS API calls. For a visual representation, see below: