Disk encryption with a custom KMS Key - AWS ParallelCluster

Disk encryption with a custom KMS Key

AWS ParallelCluster supports the configuration options ebs_kms_key_id and fsx_kms_key_id. These options let you supply a custom AWS KMS key for Amazon EBS volume encryption or for an FSx for Lustre file system. To use either option, you must also set ec2_iam_role to a role that you create yourself. The key must be in the same AWS Region as the cluster, because KMS keys are regional.

For cluster creation to succeed, the key policy of the AWS KMS key must name the cluster's instance role as a key user. The role that ParallelCluster creates by default does not exist until the cluster is created, so its name cannot be placed in the key policy in advance. You therefore create the role first and pass it in with ec2_iam_role.

Prerequisites

Creating the role

First you create a policy:

  1. Go to the IAM Console: https://console.aws.amazon.com/iam/home.

  2. Under Policies, Create policy, click the JSON tab.

  3. As the policy's body, paste in the ParallelCluster Instance Policy from the ParallelCluster IAM documentation. Make sure to replace all occurrences of <AWS ACCOUNT ID> and <REGION> with your own values.

  4. Name the policy ParallelClusterInstancePolicy, and then click Create Policy.

Next create a role:

  1. Under Roles, create a role.

  2. Click EC2 as the trusted entity.

  3. Under Permissions, search for the ParallelClusterInstancePolicy policy that you just created, and attach it.

  4. Name the role ParallelClusterInstanceRole, and then click Create Role.

Give your key permissions

In the AWS KMS Console, choose Customer managed keys, then click your key's Alias or Key ID.

On the Key policy tab, click the Add button in the Key users box, search for the ParallelClusterInstanceRole you just created, and add it. This appends statements to the key policy that allow the role to use the key (Encrypt, Decrypt, ReEncrypt*, GenerateDataKey*, DescribeKey) and to create grants for AWS resources, which Amazon EBS needs in order to attach encrypted volumes on the instance's behalf.
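Before creating the cluster it is worth confirming, from the key policy document itself, that the instance role actually holds the permissions EBS and FSx need. The following is an added example written for this page, not code from AWS ParallelCluster or the AWS CLI: it reproduces the two statements the console's Key users box adds, and checks a key policy (a constructed sample here; in practice the output of aws kms get-key-policy) for the actions the role requires. The account ID and role ARN are placeholders, and the check only evaluates Allow statements that name the role directly, which is what the console-added statements do.

```python
"""Offline check of a KMS key policy for a ParallelCluster instance role.

Example added for this page (not ParallelCluster's own code). Account ID and
role ARN below are constructed placeholders.
"""
import fnmatch
import json

# Actions the console's "Key users" box grants. The instance role needs them so
# that EBS can encrypt/decrypt volume data keys and FSx can encrypt data at rest.
USE_ACTIONS = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
               "kms:GenerateDataKey*", "kms:DescribeKey"]
# Grant actions let an AWS service (EBS attaching a volume for the instance)
# create grants on the key; the condition limits that to AWS resources.
GRANT_ACTIONS = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]

# Concrete actions we expect the role to be allowed, expanded from the wildcards.
REQUIRED = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo",
            "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext",
            "kms:DescribeKey", "kms:CreateGrant"]


def key_user_statements(role_arn):
    """Return the two key-policy statements the KMS console adds for a key user."""
    return [
        {"Sid": "Allow use of the key",
         "Effect": "Allow",
         "Principal": {"AWS": role_arn},
         "Action": list(USE_ACTIONS),
         "Resource": "*"},
        {"Sid": "Allow attachment of persistent resources",
         "Effect": "Allow",
         "Principal": {"AWS": role_arn},
         "Action": list(GRANT_ACTIONS),
         "Resource": "*",
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
    ]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _allowed_patterns(policy, principal_arn):
    """Action patterns that Allow statements grant directly to principal_arn.

    Only a direct match counts: a statement for the account root principal just
    delegates to IAM, and the ParallelCluster instance policy grants no kms:*
    rights. Explicit Deny statements are not evaluated (this is a quick check,
    not IAM's policy evaluator).
    """
    patterns = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if principal_arn not in principals and "*" not in principals:
            continue
        patterns.extend(a.lower() for a in _as_list(st.get("Action", [])))
    return patterns


def missing_actions(policy, role_arn):
    """Return the REQUIRED actions the key policy does not allow role_arn."""
    patterns = _allowed_patterns(policy, role_arn)
    return [a for a in REQUIRED
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]


def fixed_policy(policy, role_arn):
    """Copy of policy with the console's key-user statements for role_arn appended."""
    new = json.loads(json.dumps(policy))  # deep copy without mutating the input
    new["Statement"].extend(key_user_statements(role_arn))
    return new


# Constructed sample: the default key policy, which only names the account root.
ACCOUNT = "123456789012"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/ParallelClusterInstanceRole"
DEFAULT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Enable IAM User Permissions", "Effect": "Allow",
                   "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
                   "Action": "kms:*", "Resource": "*"}],
}

if __name__ == "__main__":
    print("missing before:", missing_actions(DEFAULT_POLICY, ROLE_ARN))
    print("missing after: ", missing_actions(fixed_policy(DEFAULT_POLICY, ROLE_ARN), ROLE_ARN))
```

Running it shows every required action missing against the default key policy (the root statement alone does not authorize the role) and none missing once the key-user statements are appended. To check a real key, feed the JSON from aws kms get-key-policy --policy-name default into missing_actions with the ARN of ParallelClusterInstanceRole.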

Creating the cluster

Now create a cluster. The following is an example of a cluster with encrypted RAID 0 drives (encrypted = true is required when ebs_kms_key_id is set):

    [cluster default]
    ...
    raid_settings = rs
    ec2_iam_role = ParallelClusterInstanceRole

    [raid rs]
    shared_dir = raid
    raid_type = 0
    num_of_raid_volumes = 2
    volume_size = 100
    encrypted = true
    ebs_kms_key_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The following is an example with an FSx for Lustre file system:

    [cluster default]
    ...
    fsx_settings = fs
    ec2_iam_role = ParallelClusterInstanceRole

    [fsx fs]
    shared_dir = /fsx
    storage_capacity = 3600
    imported_file_chunk_size = 1024
    export_path = s3://bucket/folder
    import_path = s3://bucket
    weekly_maintenance_start_time = 1:00:00
    fsx_kms_key_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The same settings apply to a single encrypted volume defined in an [ebs] section (ebs_kms_key_id together with encrypted = true) and to any [fsx] section (fsx_kms_key_id); in every case the cluster must use the custom ec2_iam_role that the key policy names.