rosa-hcp-creating-cluster-with-aws-kms-key.adoc

Creating ROSA with HCP clusters using a custom AWS KMS encryption key

Create a {product-title} (ROSA) with a {hcp} (HCP) cluster using a custom AWS Key Management Service (KMS) key.

{hcp-title} Prerequisites

To create a {hcp-title} cluster, you must have the following items:

• A configured virtual private cloud (VPC)

• Account-wide roles

• An OIDC configuration

• Operator roles

Creating a Virtual Private Cloud for your {hcp-title} clusters

You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC:

• Create a VPC by using a Terraform template

• Manually create the VPC resources in the AWS console

Note

The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use us-east-2.

snippets/imp-rosa-hcp-no-shared-vpc-support.adoc

modules/rosa-hcp-vpc-terraform.adoc

Additional resources

• See the Terraform VPC repository for a detailed list of all options available when customizing the VPC for your needs.

modules/rosa-hcp-vpc-manual.adoc

Additional resources

• Get Started with Amazon VPC

• HashiCorp Terraform documentation

modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc

modules/rosa-sts-byo-oidc.adoc

modules/rosa-operator-config.adoc

modules/creating-cluster-with-aws-kms-key.adoc

Next steps

• Accessing a ROSA cluster

Additional resources

• For information on using the CLI to create a cluster, see Creating a ROSA with HCP cluster using the CLI.

• For steps to deploy a ROSA cluster using manual mode, see Creating a cluster using customizations.

• For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see About IAM resources for clusters that use STS.

• For details about optionally setting an Operator role name prefix, see About custom Operator IAM role prefixes.

• For information about the prerequisites to installing ROSA with STS, see AWS prerequisites for ROSA with STS.

• For details about using the auto and manual modes to create the required STS resources, see Understanding the auto and manual deployment modes.

• For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see Creating OpenID Connect (OIDC) identity providers.

• For more information about troubleshooting ROSA cluster installations, see Troubleshooting installations.

• For steps to contact Red Hat Support for assistance, see Getting support for Red Hat OpenShift Service on AWS.