You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* **Subnets:** One master subnet for the control plane workloads and one worker subnet for all others. An additional subnet is required for Google Private Service Connect (PSC) when a private cluster is deployed using PSC.
42
42
* **Router tables:** One global route table per VPC.
During cluster creation, you can add additional custom security groups to a cluster that has an existing non-managed VPC. To do so, complete these prerequisites before you create the cluster:
10
+
11
+
* Create the custom security groups in AWS before you create the cluster.
12
+
* Associate the custom security groups with the VPC that you are using to create the cluster. Do not associate the custom security groups with any other VPC.
13
+
* You may need to request additional AWS quota for `Security groups per network interface`.
You must have an AWS account with certain permissions before creating your cluster.
10
+
11
+
* Create an AWS account if you do not already have one.
12
+
* Gather the credentials required to log in to your AWS account.
13
+
* Ensure that your AWS account has sufficient permissions to use the {rosa-cli}.
14
+
//OSDOCS-11789: Moving these here because it is a permission / account level enablement
15
+
* Enable {product-title} for your AWS account on the link:https://console.aws.amazon.com/rosa/[AWS console].
16
+
** If your account is the management account for your organization (used for AWS billing purposes), you must have `aws-marketplace:Subscribe` permissions available on your account. See _Service control policy (SCP) prerequisites_ for more information, or see the AWS documentation for troubleshooting: link:https://docs.aws.amazon.com/rosa/latest/userguide/security-iam-troubleshoot.html#error-aws-orgs-scp-denies-permissions[AWS Organizations service control policy denies required AWS Marketplace permissions].
17
+
* Ensure you have not enabled restrictive tag policies. For more information, see link:https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html[Tag policies] in the AWS documentation.
The AWS CLI tool allows you to interact with AWS resources directly.
10
+
11
+
.Procedure
12
+
. Install the link:https://aws.amazon.com/cli/[AWS Command Line Interface].
13
+
. Log in to your AWS account using the AWS CLI: link:https://docs.aws.amazon.com/signin/latest/userguide/command-line-sign-in.html[Sign in through the AWS CLI]
14
+
. Verify your account identity:
15
+
+
16
+
[source,terminal]
17
+
----
18
+
$ aws sts get-caller-identity
19
+
----
20
+
. Check whether the service role for ELB (Elastic Load Balancing) exists:
21
+
+
22
+
[source,terminal]
23
+
----
24
+
$ aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing"
25
+
----
26
+
+
27
+
If the role does not exist, create it by running the following command:
28
+
+
29
+
[source,terminal]
30
+
----
31
+
$ aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"
//TODO OSDOCS-11789: Moved quota check to the point where it is actually useful - yes, this is checked during install, but it's also worth checking ahead of time so that any issues are known during preparation rather than deployment.
7
+
= AWS infrastructure prerequisites
8
+
9
+
[role="_abstract"]
10
+
Before you create your cluster, you need to have sufficient AWS quota.
11
+
12
+
.Procedure
13
+
* To verify that your AWS account has sufficient quota available to deploy a cluster, run the following command:
14
+
+
15
+
[source,terminal]
16
+
----
17
+
$ rosa verify quota
18
+
----
19
+
+
20
+
This command only checks the total quota allocated to your account; it does not reflect the amount of quota already consumed from that quota. Running this command is optional because your quota is verified during cluster deployment. However, Red{nbsp}Hat recommends running this command to confirm your quota ahead of time so that deployment is not interrupted by issues with quota availability.
0 commit comments