Cloud Experts Documentation

Red Hat OpenShift Service on AWS Classic architecture

Red Hat OpenShift Service on AWS (ROSA) is a fully-managed turnkey application platform that allows you to focus on what matters most, delivering value to your customers by building and deploying applications. Red Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you don’t have to worry about the complexity of infrastructure management. ROSA Classic architecture deploys control plane and infrastructure nodes into customer’s AWS accounts, in addition to worker nodes for customer workloads. New customers are encouraged to use the ROSA with Hosted Control Planes (HCP) architecture .

Using local-zones in ROSA Classic

This guide walks through setting up a local-zone in an existing ROSA Classic cluster. Use this approach when you have latency requirements that can be reduced when using a local zone. Since you are not using the default ingress, you will not be able to use the router strategy the cluster has. Prerequisites ROSA Classic Cluster with AWS Load Balancer Operator already installed: A ROSA classic cluster (BYO VPC) deployed with STS in a region that has local zones.

Deploying a ROSA Classic cluster with Terraform

This guide will walk you through deploying a ROSA cluster using Terraform. This is a great way to get started with ROSA and to automate the deployment of your clusters. Pre-requisites You need the git binary installed on your machine. You can download it from the git websiteexternal link (opens in new tab) . You need to have the terraform binary installed on your machine. You can download it from the Terraform websiteexternal link (opens in new tab) .

ROSA Break Glass Troubleshooting

Background WARNING: this procedure should only be initiated by a member of the Black Belt team or someone incredibly familiar with ROSA as a whole. THIS IS NOT COMMON!!! This guide shows how to access ROSA instances in the situation that a break glass scenario is required in the account where ROSA is deployed. This procedure should only be performed under unusual circumstances like a failed provision in order to collect logs.

Prerequisites Checklist to Deploy ROSA Cluster with STS

Background This is a quick checklist of prerequisites needed to spin up a classic Red Hat OpenShift Service on AWS (ROSA) cluster with STSexternal link (opens in new tab) . Note that this is a high level checklist and your implementation may vary. Before running the installation process, make sure that you deploy this from a machine that has access to: The API services for the cloud to which you provision.

Deploying ROSA PrivateLink Cluster with Ansible

Background This guide shows an example of how to deploy a classic Red Hat OpenShift Services on AWS (ROSA) cluster with PrivateLinkexternal link (opens in new tab) with STSexternal link (opens in new tab) enabled using Ansibleexternal link (opens in new tab) playbook from our MOBB GitHub repositoryexternal link (opens in new tab) and makefilesexternal link (opens in new tab) to compile them. Note that this is an unofficial Red Hat guide and your implementation may vary.

Verify Permissions for ROSA STS Deployment

To proceed with the deployment of a ROSA cluster, an account must support the required roles and permissions. AWS Service Control Policies (SCPs) cannot block the API calls made by the installer or operator roles. Details about the IAM resources required for an STS-enabled installation of ROSA can be found here: https://docs.openshift.com/rosa/rosa_architecture/rosa-sts-about-iam-resources.html This guide is validated for ROSA v4.11.X. Prerequisites AWS CLIexternal link (opens in new tab) ROSA CLIexternal link (opens in new tab) v1.

Creating a ROSA cluster in STS mode with custom KMS key

Tip Official Documentation ROSA STS with custom KMS key This guide will walk you through installing ROSA (Red Hat OpenShift Service on AWS) with a customer-provided KMS key that will be used to encrypt both the root volumes of nodes as well as persistent volumes for mounted EBS claims. Prerequisites AWS CLIexternal link (opens in new tab) ROSA CLIexternal link (opens in new tab) v1.1.11 or higher OpenShift CLI - rosa download openshift-client Prepare AWS Account for ROSA Configure the AWS CLI by running the following command

Creating a ROSA cluster with PrivateLink enabled (custom VPC) and STS

This is a combination of the private-link and sts setup documents to show the full picture Prerequisites AWS CLIexternal link (opens in new tab) Rosa CLIexternal link (opens in new tab) v1.1.7 jqexternal link (opens in new tab) AWS Preparation If this is a brand new AWS account that has never had a AWS Load Balancer installed in it, you should run the following Create the AWS Virtual Private Cloud (VPC) and Subnets For this scenario, we will be using a newly created VPC with both public and private subnets.

Creating a ROSA cluster with PrivateLink enabled

Prerequisites AWS CLIexternal link (opens in new tab) Rosa CLIexternal link (opens in new tab) v1.0.8 jqexternal link (opens in new tab) Create VPC and Subnets The following instructions use the AWS CLI to create the necessary networking to deploy a PrivateLink ROSA cluster into a Single AZ and are intended to be a guide. Ideally you would use an Automation tool like Ansible or Terraform to manage your VPCs.

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat