mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/cpmso-yaml-provider-spec-aws.adoc
2026-02-03 22:00:10 +00:00

// Module included in the following assemblies:
//
// * machine_management/cpmso-configuration.adoc
:_mod-docs-content-type: REFERENCE
[id="cpmso-yaml-provider-spec-aws_{context}"]
= Sample {aws-short} provider specification
[role="_abstract"]
You can update your control plane machines to reflect changes in your underlying infrastructure by editing values in the control plane machine set provider specification.
The following example YAML illustrates a valid configuration for an {aws-first} cluster.
include::snippets/cpmso-new-providerspec-match-install.adoc[]
You can omit any field that has a value set in the failure domain section of the CR.
include::snippets/cluster-id-explanation-oc-get.adoc[]
.Sample AWS `providerSpec` values
[source,yaml]
----
apiVersion: machine.openshift.io/v1
kind: ControlPlaneMachineSet
metadata:
  name: cluster
  namespace: openshift-machine-api
spec:
# ...
  template:
# ...
    spec:
      providerSpec:
        value:
          ami:
            id: ami-<ami_id_string>
          apiVersion: machine.openshift.io/v1beta1
          blockDevices:
          - ebs:
              encrypted: true
              iops: 0
              kmsKey:
                arn: ""
              volumeSize: 120
              volumeType: gp3
          credentialsSecret:
            name: aws-cloud-credentials
          deviceIndex: 0
          iamInstanceProfile:
            id: <cluster_id>-master-profile
          instanceType: m6i.xlarge
          kind: AWSMachineProviderConfig
          loadBalancers:
          - name: <cluster_id>-int
            type: network
          - name: <cluster_id>-ext
            type: network
          metadata:
            creationTimestamp: null
          metadataServiceOptions: {}
          placement:
            region: <region>
            availabilityZone: ""
            tenancy:
          securityGroups:
          - filters:
            - name: tag:Name
              values:
              - <cluster_id>-node
          - filters:
            - name: tag:Name
              values:
              - <cluster_id>-lb
          - filters:
            - name: tag:Name
              values:
              - <cluster_id>-controlplane
          subnet: {}
          userDataSecret:
            name: master-user-data
----
where:
`<ami_id_string>`::
Specifies the {op-system-first} Amazon Machine Image (AMI) ID for the cluster.
The AMI must belong to the same region as the cluster.
If you want to use an AWS Marketplace image, you must complete the {product-title} subscription from the link:https://aws.amazon.com/marketplace/fulfillment?productId=59ead7de-2540-4653-a8b0-fa7926d5c845[AWS Marketplace] to obtain an AMI ID for your region.
`spec.template.spec.providerSpec.value.blockDevices.ebs`::
Specifies the configuration of an encrypted Amazon Elastic Block Store (Amazon EBS) volume.
`spec.template.spec.providerSpec.value.credentialsSecret.name`::
Specifies the secret name for the cluster.
Do not change this value.
`spec.template.spec.providerSpec.value.iamInstanceProfile`::
Specifies the AWS Identity and Access Management (IAM) instance profile.
Do not change this value.
`spec.template.spec.providerSpec.value.instanceType`::
Specifies the AWS instance type for the control plane.
`spec.template.spec.providerSpec.value.kind`::
Specifies the cloud provider platform type.
Do not change this value.
`spec.template.spec.providerSpec.value.loadBalancers`::
Specifies the internal (`int`) and external (`ext`) load balancers for the cluster.
+
[NOTE]
====
You can omit the external (`ext`) load balancer parameters on private {product-title} clusters.
====
`spec.template.spec.providerSpec.value.placement`::
Specifies where to create the control plane instance in AWS.
The following keys in this stanza specify additional details:
+
--
`region`::
Specifies the AWS region for the cluster.
`availabilityZone`::
This parameter is in the failure domain configuration and has an empty value here.
--
+
--
include::snippets/cpmso-failure-domain-param-precedence.adoc[]
--
`tenancy`::
Specifies the AWS Dedicated Instance configuration for the control plane.
For more information, see AWS documentation about link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html[Dedicated Instances].
The following values are valid:
+
--
* `default`: The Dedicated Instance runs on shared hardware.
* `dedicated`: The Dedicated Instance runs on single-tenant hardware.
* `host`: The Dedicated Instance runs on a Dedicated Host, which is an isolated server with configurations that you can control.
--
`spec.template.spec.providerSpec.value.securityGroups`::
Specifies the security group for the control plane machines.
`spec.template.spec.providerSpec.value.subnet`::
This parameter is in the failure domain configuration and has an empty value here.
+
--
include::snippets/cpmso-failure-domain-param-precedence.adoc[]
--
+
[NOTE]
====
If the failure domain configuration does not specify a value, the control plane machines use the value in the provider specification.
====
`spec.template.spec.providerSpec.value.userDataSecret`::
Specifies the control plane user data secret. Do not change this value.
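
The following check is an added example, not part of the {product-title} documentation: it audits a `providerSpec` `value` object against the guidance above (the fields marked "Do not change this value", explicit EBS encryption, and the valid `tenancy` values). The function names, the sample data, and the cluster ID `demo-x7k2p` are assumptions made for illustration.

```python
# Fields the page marks "Do not change this value" (identical on every cluster).
FIXED = {
    ("credentialsSecret", "name"): "aws-cloud-credentials",
    ("kind",): "AWSMachineProviderConfig",
    ("userDataSecret", "name"): "master-user-data",
}
TENANCY = {"default", "dedicated", "host"}  # valid values listed on the page


def dig(obj, path):
    """Walk nested dicts; return None if any key is missing."""
    for key in path:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj


def audit_provider_spec(value, cluster_id):
    """Return findings for a providerSpec `value` dict (empty list = clean)."""
    expected = dict(FIXED)
    expected[("iamInstanceProfile", "id")] = f"{cluster_id}-master-profile"
    findings = []
    for path, want in expected.items():
        got = dig(value, path)
        if got != want:
            findings.append(f"{'.'.join(path)}: expected {want!r}, found {got!r}")
    # Flag any volume that is not explicitly encrypted, including a missing key.
    for i, dev in enumerate(value.get("blockDevices") or []):
        if dig(dev, ("ebs", "encrypted")) is not True:
            findings.append(f"blockDevices[{i}].ebs.encrypted: not true")
    # An empty tenancy is allowed, as in the sample YAML on this page.
    tenancy = dig(value, ("placement", "tenancy"))
    if tenancy not in (None, "") and tenancy not in TENANCY:
        findings.append(f"placement.tenancy: invalid value {tenancy!r}")
    return findings


# Constructed sample mirroring the page's YAML; "demo-x7k2p" is a made-up cluster ID.
SAMPLE = {
    "blockDevices": [{"ebs": {"encrypted": True, "volumeSize": 120, "volumeType": "gp3"}}],
    "credentialsSecret": {"name": "aws-cloud-credentials"},
    "iamInstanceProfile": {"id": "demo-x7k2p-master-profile"},
    "kind": "AWSMachineProviderConfig",
    "placement": {"region": "us-east-1", "availabilityZone": "", "tenancy": None},
    "userDataSecret": {"name": "master-user-data"},
}

if __name__ == "__main__":
    print(audit_provider_spec(dict(SAMPLE, kind="Other"), "demo-x7k2p"))
```

To audit a live cluster, parse the output of `oc get controlplanemachineset cluster -n openshift-machine-api -o json` and pass the `providerSpec.value` object to `audit_provider_spec`.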