IBM Cloud Pak Playbook

Installing OpenShift 4 on AWS

Documentation on installing OpenShift 4 on AWS can be found here.

If possible, using the installer-provisioned infrastructure (IPI) method is preferred.

For custom requirements, the user-provisioned infrastructure (UPI) method can be used.

If the UPI method must be used, a Terraform automation configuration may be helpful. A sample configuration can be found here:


Problem: When automatic encryption of EBS volumes is enabled for EC2 instances, OpenShift Worker nodes are terminated immediately because the generated user is not authorized to use the default encryption key, and the OpenShift installer times out.


  1. Allow the generated user (whose name will be in the form of <infrastructureID>-openshift-machine-api-aws-<randomString>) to use the default EBS volume encryption key in AWS Key Management Service.

  2. Scale Worker MachineSets to 0 via oc --kubeconfig /path/to/install/dir/auth/kubeconfig scale machineset --all -n openshift-machine-api --replicas=0

  3. Scale Worker MachineSets back to previous values via oc --kubeconfig /path/to/install/dir/auth/kubeconfig scale machineset --all -n openshift-machine-api --replicas=1

  4. Verify Worker nodes are visible in the AWS Console and via oc get nodes.

  5. Wait until all Operators in the oc get clusteroperators list are as expected.
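
Step 1 comes down to a key policy change. As an added example (not part of the original playbook), the Python below adds the machine-api user to a key policy using the same two statements the KMS console writes for a key user. It assumes the default EBS key is a customer managed key whose policy can be edited; the account ID, user name, allowed name characters and sample policy are constructed.

```python
import json
import re

# Name form from this page; the allowed character set is an assumption.
USER_RE = re.compile(r"[A-Za-z0-9-]+-openshift-machine-api-aws-[A-Za-z0-9]+")
# The two statements the KMS console writes for a key user (Sid, actions).
USE = ("Allow use of the key", ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                                "kms:GenerateDataKey*", "kms:DescribeKey"])
GRANT = ("Allow attachment of persistent resources",
         ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"])
# Constructed sample: a key policy holding only the root-account statement.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"}]}


def user_arn(account_id, user_name):
    """Build the IAM user ARN; refuse anything that is not the machine-api user."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account id must be 12 digits")
    if not USER_RE.fullmatch(user_name):
        raise ValueError("not a machine-api user name: " + user_name)
    return "arn:aws:iam::%s:user/%s" % (account_id, user_name)


def add_key_user(policy, arn):
    """Return a copy of the key policy with `arn` as a key user (idempotent)."""
    policy = json.loads(json.dumps(policy))  # deep copy; the input stays untouched
    for sid, actions in (USE, GRANT):
        stmt = next((s for s in policy["Statement"] if s.get("Sid") == sid), None)
        if stmt is None:
            stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": []},
                    "Action": list(actions), "Resource": "*"}
            if sid == GRANT[0]:
                # Grants may only be created on behalf of AWS services such as EBS.
                stmt["Condition"] = {"Bool": {"kms:GrantIsForAWSResource": "true"}}
            policy["Statement"].append(stmt)
        principals = stmt["Principal"].get("AWS", [])
        if isinstance(principals, str):  # a single principal is stored as a string
            principals = [principals]
        if arn not in principals:
            principals = principals + [arn]
        stmt["Principal"]["AWS"] = principals
    return policy


if __name__ == "__main__":
    arn = user_arn("111122223333", "demo-x7k2p-openshift-machine-api-aws-ab12c")
    print(json.dumps(add_key_user(SAMPLE_POLICY, arn), indent=2))
```

The current policy can be read with aws kms get-key-policy and the result written back with aws kms put-key-policy (policy name default). Granting the named user rather than a wildcard principal keeps the key usable only by the machine API credentials.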