Configuring shared storage encryption with an Amazon KMS key

Learn how to set up a customer managed Amazon KMS key to encrypt and protect your data in the cluster file storage systems that are configured for Amazon ParallelCluster.

When using the Amazon ParallelCluster command line interface (CLI) or API, you only pay for the Amazon resources that are created when you create or update Amazon ParallelCluster images and clusters. For more information, see Amazon services used by Amazon ParallelCluster.

Amazon ParallelCluster supports following shared storage configuration options:

SharedStorage / EbsSettings / KmsKeyId
SharedStorage / EfsSettings / KmsKeyId
SharedStorage / FsxLustreSettings / KmsKeyId

You can use these options to provide a customer managed Amazon KMS key for Amazon EBS, Amazon EFS, and FSx for Lustre shared storage system encryption. To use them, you must create and configure an IAM policy for the following:

HeadNode / Iam / AdditionalIamPolicies / Policy
Scheduler / SlurmQueues / Iam / AdditionalIamPolicies / Policy

Prerequisites

Amazon ParallelCluster is installed.
The Amazon CLI is installed and configured.
You have an Amazon EC2 key pair.
You have an IAM role with the permissions that are required to run the pcluster CLI.

Topics

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Clean up

Create the policy