Configuring shared storage encryption with an AWS KMS key

Learn how to set up a customer managed AWS KMS key to encrypt and protect your data in the cluster file storage systems that are configured for AWS ParallelCluster.

When using the AWS ParallelCluster command line interface (CLI) or API, you only pay for the AWS resources that are created when you create or update AWS ParallelCluster images and clusters. For more information, see AWS services used by AWS ParallelCluster.

The AWS ParallelCluster UI is built on a serverless architecture and you can use it within the AWS Free Tier category for most cases. For more information, see AWS ParallelCluster UI costs.

AWS ParallelCluster supports following shared storage configuration options:

• SharedStorage / EbsSettings / KmsKeyId

• SharedStorage / EfsSettings / KmsKeyId

• SharedStorage / FsxLustreSettings / KmsKeyId

You can use these options to provide a customer managed AWS KMS key for Amazon EBS, Amazon EFS, and FSx for Lustre shared storage system encryption. To use them, you must create and configure an IAM policy for the following:

• HeadNode / Iam / AdditionalIamPolicies / Policy

• Scheduler / SlurmQueues / Iam / AdditionalIamPolicies / Policy

Prerequisites

• AWS ParallelCluster is installed.

• The AWS CLI is installed and configured.

• You have an Amazon EC2 key pair.

• You have an IAM role with the permissions that are required to run the pcluster CLI.

Topics

• Create the policy
• Configure and create the cluster