Important
New Docs are available at https://docs.aws.amazon.com/parallelcluster
All new features, starting with 2.4.0, will be documented there.
AWS ParallelCluster supports the configuration option ebs_kms_key_id, which allows you to provide a custom KMS key for EBS disk encryption. To use it you’ll need to specify an ec2_iam_role.
For the cluster to be created, the KMS key needs to know the name of the cluster’s role. This prevents you from using the role created at cluster creation, so a custom ec2_iam_role is required.
First you’ll need to create a policy:
<AWS ACCOUNT ID> and <REGION>
ParallelClusterInstancePolicy and click “Create Policy”
Next create a role:
EC2 as the trusted entity
ParallelClusterInstancePolicy role you just created and attach it.
ParallelClusterRole and click “Create Role”
In the IAM Console > Encryption Keys > click on your key.
Click “Add User” and search for the ParallelClusterInstanceRole you just created. Attach it.
Now create a cluster. Here’s an example of a cluster with encrypted RAID 0 drives:
[cluster default]
...
raid_settings = rs
ec2_iam_role = ParallelClusterInstanceRole
[raid rs]
shared_dir = raid
raid_type = 0
num_of_raid_volumes = 2
volume_size = 100
encrypted = true
ebs_kms_key_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Here’s an example with EBS:
[cluster default]
...
ebs_settings = custom1
ec2_iam_role = ParallelClusterInstanceRole
[ebs custom1]
shared_dir = vol1
ebs_kms_key_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
volume_type = io1
volume_iops = 200
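A pre-flight check for the requirement described above (a custom ebs_kms_key_id needs a custom ec2_iam_role), as an added example that is not part of the ParallelCluster documentation or tooling. The function name find_kms_role_gaps and both sample configs are constructed for illustration; the code assumes ebs_settings and raid_settings may name one or more comma-separated sections.

```python
import configparser

# Constructed sample configs (not from the original page).
GOOD = """
[cluster default]
raid_settings = rs
ec2_iam_role = ParallelClusterInstanceRole

[raid rs]
shared_dir = raid
raid_type = 0
num_of_raid_volumes = 2
encrypted = true
ebs_kms_key_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
"""

BAD = """
[cluster default]
ebs_settings = custom1, scratch

[ebs custom1]
shared_dir = vol1
ebs_kms_key_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

[ebs scratch]
shared_dir = vol2
"""

def find_kms_role_gaps(config_text):
    """Return (cluster_section, storage_section) pairs where a custom KMS
    key is configured but the cluster section sets no ec2_iam_role."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    gaps = []
    for section in cfg.sections():
        if not section.startswith("cluster "):
            continue
        if cfg.get(section, "ec2_iam_role", fallback="").strip():
            continue  # a custom role is set, nothing to report
        # Assumption: each setting lists storage section names, comma-separated.
        for key, kind in (("ebs_settings", "ebs"), ("raid_settings", "raid")):
            for name in cfg.get(section, key, fallback="").split(","):
                target = f"{kind} {name.strip()}"
                if name.strip() and cfg.has_option(target, "ebs_kms_key_id"):
                    gaps.append((section, target))
    return gaps

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, find_kms_role_gaps(text))
```

The "..." placeholder lines in the examples above are not valid INI syntax, so remove them or run the check against a complete config file.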