Adding a KMS Key for use on the Instaclustr Platform using AWS Run in Your Own Account (RIYOA) Provisioning
Instaclustr supports the creation of clusters in your own cloud provider account, which has EBS and S3 storage encrypted at rest using customer supplied KMS Keys. These instructions outline how to create the KMS Keys, and add them to the Instaclustr Platform.
- Creation of KMS Keys and Setup of IAM Permissions
The information on how to setup and configure KMS Keys for usage on RIYOA provisioning is outlined in the Instaclustr Run In Your Own Account AWS Provisioning Setup Guide, which is provided as part of your RIYOA onboarding. If you do not have a copy of this document please reach out to Instaclustr Support.
Once you have configured the key in your AWS account, go to the Instaclustr console,
- Navigate to Cluster Resources -> Encryption Keys by clicking on the gear icon at the top right hand corner.
- You’ll need the AWS key’s ARN, found in the key’s details after key creation.
- The alias will identify this key in other parts of the Instaclustr console. Add the alias for your key, the AWS key’s ARN, and set the Provider Account to the provider account that has been setup for this key. For RIYOA provisioning – this is not the “Instaclustr” Provider Account. Once you have done this, click on Add Key to add the key to your account.
- When you Create a Cluster or Add a Data Centre to an existing cluster, you will now have the option to enable EBS encryption.
For more information regarding Amazon’s encryption service see:
We are available to provide additional information and guide you through this process. Please contact Instaclustr Support or raise a new ticket.