Updated Ks Openshift Readme

[amcbarnett]

Changed to new command vault write aws-tf/roles/deploy policy_document=-<<EOF

[hashicorp-cla]

All committers have signed the CLA.

[rberlind]

Hi @amcbarnett:
Thanks for noticing the missing "" in the README.md for the vault write aws-tf/config/root command.

Regarding the change from policy to policy_document in the vault write aws-tf/roles/deploy command, I know that policy used to work and wonder if this reflects a change to a newer version of Vault. I do now see policy_document in https://www.vaultproject.io/docs/secrets/aws/index.html#setup and https://www.vaultproject.io/api/secret/aws/index.html#create-update-role but am also sure that policy used to work. Unfortunately, we don't version our docs. What version of Vault were you using?

Can I ask why you are requiring the AWS provider to be version ~2.0? Was the demo not working with older versions of the AWS provider? It should be. I don't necessarily like the idea of forcing people to use a newer version unless it is actually necessary.

[rberlind]

I researched and found that policy was deprecated in August, 2018 in favor of policy_document. So, that is a good change in the readme.md.

I'm not convinced that we need to force AWS provider to be 2.0

[rberlind]

@amcbarnett : I'm approving this despite my reservation about forcing use of newer AWS provider. I thought I had added in the doc changes, but see I missed the \ in the vault command.