Open joehellmersNOAA opened 9 months ago
Hello @joehellmersNOAA Currently the root volumes of the headnode and compute are encrypted by default the default KMS key:aws/ebs. Using custom KMS key is currently not supported. Do you wish to use custom KMS key to encrypt the root volumes? Could you share more about your use case?
Thank you!
We have a security requirement that we use custom KMS keys. It's not my choice.
I was able to generate a ParallelCluster AMI using the custom KMS for the volumes I wanted, and then used that AMI in my cluster.
I did need to create an additional policy for the permissions to the key and add it my cluster configuration yaml file.
Also I wanted to use SSM Session Manager to connect to my instances so I needed to configure the default KMS in the SSM session manager preferences.
Is there any facility for using KMS to encrypt volumes created for the head, compute and login nodes in ParallelCluster?