Adding a KMS Key for Use on the Instaclustr Platform using Run in Instaclustr’s Account (RIIA) Provisioning
Instaclustr supports creating clusters in our provider account with EBS and S3 storage encrypted at rest using customer-supplied KMS keys. These instructions outline how to create the KMS keys and add them to the Instaclustr Platform.
In your AWS account:
Go to Key Management Service (KMS) and click on Create a Key.
Follow the AWS wizard to create an AWS Encryption Key in the data centre’s intended region. Make sure to add the Instaclustr Production AWS account. As seen in the example image below, do this by adding the ID: 624537489435
Once you have created the key in your AWS account, go to the Instaclustr console.
Navigate to Cluster Resources -> Encryption Keys by clicking on the gear icon at the top right-hand corner.
You’ll need the AWS key’s ARN, found in the key’s details after key creation.
The alias will identify this key in other parts of the Instaclustr console. Add the alias for your key, the AWS key’s ARN, and set the Provider Account to INSTACLUSTR. Once you have done this, click on Add Key to add the key to your account.
Once the key is added to your account, it will show up in the table.
Use the Validate button to check the validity of the key before cluster creation. For Multi-Region keys, the Validate button updates the list of regions that the key is available in.
When you Create a Cluster or Add a Data Centre to an existing cluster, you will now have the option to enable EBS encryption.
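Before adding the ARN in the console, the key policy can be checked offline against the steps above. The following Python is an added example, not Instaclustr or AWS code: it takes the key policy document (for example from `aws kms get-key-policy`) and assumes the key-user actions that the AWS console wizard grants, since this page does not list the permissions Instaclustr requires. The sample ARN, the owner account 111122223333 and the key ID are constructed placeholders.

```python
import json

INSTACLUSTR_ACCOUNT = "624537489435"  # Instaclustr Production account ID from this page
# Assumption: the actions the AWS console wizard grants to an added key user.
USE = {"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"}
GRANT = {"kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def accounts(stmt):
    """Account IDs (or '*') named in a statement's AWS principal."""
    principal = stmt.get("Principal", {})
    entries = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
    return {e.split(":")[4] if e.startswith("arn:") else e for e in entries}

def check_key(arn, policy_json, region):
    """Return a list of findings; an empty list means no problem was found."""
    findings, parts = [], arn.split(":")
    if len(parts) != 6 or parts[2] != "kms" or not parts[5].startswith("key/"):
        findings.append("not a KMS key ARN")
    elif parts[3] != region and not parts[5].startswith("key/mrk-"):  # mrk- = multi-Region key
        findings.append(f"key is in {parts[3]}, data centre is in {region}")
    allowed, grants_scoped = set(), True
    for stmt in json.loads(policy_json)["Statement"]:
        if stmt.get("Effect") != "Allow" or INSTACLUSTR_ACCOUNT not in accounts(stmt):
            continue
        actions = set(as_list(stmt.get("Action", [])))
        allowed |= actions
        cond = stmt.get("Condition", {}).get("Bool", {})
        if actions & GRANT and str(cond.get("kms:GrantIsForAWSResource")).lower() != "true":
            grants_scoped = False  # without it, grants are not limited to integrated AWS services
    missing = (USE | GRANT) - allowed
    if missing and "kms:*" not in allowed:
        findings.append("Instaclustr account lacks: " + ", ".join(sorted(missing)))
    if not grants_scoped:
        findings.append("grant actions are not limited to AWS resources")
    return findings

# Constructed sample: owner account 111122223333 and the key ID are placeholders.
SAMPLE_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::624537489435:root"}, "Action": sorted(USE), "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::624537489435:root"}, "Action": sorted(GRANT),
     "Resource": "*", "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
]})
if __name__ == "__main__":
    print(check_key(SAMPLE_ARN, SAMPLE_POLICY, "us-east-1") or "no findings")
```

An empty result only means the policy matches the assumed wizard output; the Validate button in the Instaclustr console remains the check that the platform can use the key.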
For more information regarding Amazon’s encryption service see: