OpenShift 4 + AWS: IPI Installer KMS configuration

Solution Verified - Updated -


  • As an enterprise user running OpenShift in AWS, is important to be able to configure which KMS key is used in order to encrypt the AMI and the EC2 instance volumes of the cluster because that is part of a company compliance and security rules.
  • A simple and straightforward solution would be an additional field in the "" section of the install-config.yaml that allows to set a KMS key ARN. With this approach, it could even specify different KMS keys for masters and workers.


  • Red Hat OpenShift Container Platform (OCP) 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content