aws / aws-parallelcluster

AWS ParallelCluster is an AWS supported Open Source cluster management tool to deploy and manage HPC clusters in the AWS cloud.
https://github.com/aws/aws-parallelcluster
Apache License 2.0

ParallelCluster KMS Support #5756

Open joehellmersNOAA opened 9 months ago

joehellmersNOAA commented 9 months ago

Is there any facility for using KMS to encrypt volumes created for the head, compute and login nodes in ParallelCluster?

chenwany commented 8 months ago

Hello @joehellmersNOAA. Currently the root volumes of the headnode and compute are encrypted by default with the default KMS key: aws/ebs. Using a custom KMS key is currently not supported. Do you wish to use a custom KMS key to encrypt the root volumes? Could you share more about your use case?

Thank you!

joehellmersNOAA commented 8 months ago

We have a security requirement that we use custom KMS keys. It's not my choice.

I was able to generate a ParallelCluster AMI using the custom KMS for the volumes I wanted, and then used that AMI in my cluster.

I did need to create an additional policy for the permissions to the key and add it to my cluster configuration YAML file.

Also, I wanted to use SSM Session Manager to connect to my instances, so I needed to configure the default KMS in the SSM Session Manager preferences.
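The thread does not show the additional key policy that was attached. As an added example (not from the thread or the ParallelCluster project), this Python code builds an IAM policy scoped to one customer managed key and lints a policy for the usual over-grants. The key ARN is a constructed placeholder, the function names are hypothetical, and the action list is assumed from the permissions AWS documents for using a customer managed key with EBS.

```python
# Added example: build and lint an IAM policy for a customer managed EBS key.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # constructed placeholder

# Assumption: actions AWS documents for principals using a customer managed key with EBS.
EBS_KEY_ACTIONS = ["kms:Decrypt", "kms:DescribeKey",
                   "kms:GenerateDataKeyWithoutPlaintext", "kms:ReEncrypt*"]


def build_ebs_kms_policy(key_arn):
    """Return a policy document limited to a single key."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "UseKeyForEbs", "Effect": "Allow",
         "Action": EBS_KEY_ACTIONS, "Resource": key_arn},
        # Grants may only be created on behalf of AWS services such as EC2/EBS.
        {"Sid": "GrantToAwsServicesOnly", "Effect": "Allow",
         "Action": "kms:CreateGrant", "Resource": key_arn,
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}}]}


# Constructed over-broad policy of the kind the lint should flag.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Broad", "Effect": "Allow", "Action": "kms:*", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_kms_policy(policy, key_arn):
    """Return findings for Allow statements that over-grant KMS access."""
    findings = []
    for st in policy["Statement"]:
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        kms = [a for a in actions if a == "*" or a.startswith("kms:")]
        if st.get("Effect") != "Allow" or not kms:
            continue
        sid = st.get("Sid", "<no Sid>")
        if any(a in ("*", "kms:*") for a in kms):
            findings.append(f"{sid}: wildcard KMS action")
        if any(r != key_arn for r in _as_list(st.get("Resource", "*"))):
            findings.append(f"{sid}: resource not limited to the cluster key")
        cond = st.get("Condition", {}).get("Bool", {})
        scoped = str(cond.get("kms:GrantIsForAWSResource", "")).lower() == "true"
        if "kms:creategrant" in kms and not scoped:
            findings.append(f"{sid}: CreateGrant without kms:GrantIsForAWSResource")
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(build_ebs_kms_policy(KEY_ARN), indent=2))
    print(lint_kms_policy(BROAD_POLICY, KEY_ARN))
```

Once created as a managed policy, the document's ARN is what ParallelCluster 3's `AdditionalIamPolicies` setting in the cluster YAML takes.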