openshift-docs/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc

:_mod-docs-content-type: ASSEMBLY
[id="rosa-hcp-creating-cluster-with-aws-kms-key"]
= Creating ROSA with HCP clusters using a custom AWS KMS encryption key
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-hcp-creating-cluster-with-aws-kms-key

toc::[]

Create a {product-title} cluster using a custom AWS Key Management Service (KMS) key.

//include::modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc[leveloffset=+1]
//include::modules/rosa-sts-associating-your-aws-account.adoc[leveloffset=+2]

[id="rosa-hcp-creating-cluster-with-aws-kms-key-prereqs"]
== {product-title} Prerequisites

To create a {product-title} cluster, you must have the following items:

* A configured virtual private cloud (VPC)
* Account-wide roles
* An OIDC configuration
* Operator roles

[id="rosa-hcp-creating-cluster-with-aws-kms-key-creating-vpc"]
== Creating a Virtual Private Cloud for your {product-title} clusters

You must have a Virtual Private Cloud (VPC) to create {product-title} cluster. Use one of the following methods to create a VPC:

* Create a VPC using the ROSA command-line interface (CLI)
* Create a VPC by using a Terraform template
* Manually create the VPC resources in the AWS console

[NOTE]
====
The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`.
====

include::modules/rosa-hcp-create-network.adoc[leveloffset=+2]

[role="_additional-resources"]
[id="additional-resources_rosa-hcp-create-network-kms-key"]
.Additional resources

* link:https://aws.amazon.com/cloudformation/[AWS CloudFormation]
* link:https://github.com/openshift/rosa/blob/master/cmd/create/network/templates/rosa-quickstart-default-vpc/cloudformation.yaml[Default VPC AWS CloudFormation template]

include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+2]

[role="_additional-resources"]
[id="additional-resources_rosa-hcp-vpc-terraform-kms-key"]
.Additional resources

* link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC repository]

include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+2]

include::snippets/vpc-troubleshooting.adoc[leveloffset=+2]

include::modules/rosa-hcp-vpc-subnet-tagging.adoc[leveloffset=+3]

[role="_additional-resources"]
[id="additional-resources_rosa-hcp-vpc-aws-kms-key"]
.Additional resources

* link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html[Get Started with Amazon VPC]
* link:https://developer.hashicorp.com/terraform[HashiCorp Terraform documentation]
* link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/subnet_discovery/[Subnet Auto Discovery]

include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]

include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2]

include::modules/rosa-operator-config.adoc[leveloffset=+2]

include::modules/creating-cluster-with-aws-kms-key.adoc[leveloffset=+2]

[role="_additional-resources"]
[id="additional-resources_rosa-hcp-operator-prefix"]

[role="_additional-resources"]
[id="additional-resources_rosa-hcp-creating-cluster-with-aws-kms-key"]
== Additional resources

* xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a ROSA with HCP cluster using the CLI]
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]
* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers]
* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]
* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations]