This is a cache of https://docs.openshift.com/rosa/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.html. It is a snapshot of the page at 2024-11-25T03:01:21.597+0000.
ROSA with HCP activation and account linking | Tutorials | Red Hat OpenShift Service on AWS
×

This tutorial describes the process for activating Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) and linking to an AWS account, before deploying the first cluster.

If you have received a private offer for the product, make sure to proceed according to the instructions provided with the private offer before following this tutorial. The private offer is designed either for a case when the product is already activated, which replaces an active subscription, or for first time activations.

Prerequisites

  • Make sure to log in to the Red Hat account that you plan to associate with the AWS account where you have activated ROSA with HCP in previous steps.

  • The AWS account used for service billing can only be associated with a single Red Hat account. Typically an AWS payer account is the one that is used to subscribe to ROSA and used for account linking and billing.

  • All team members belonging to the same Red Hat organization can use the linked AWS account for service billing while creating ROSA with HCP clusters.

Subscription enablement and AWS account setup

  1. Activate the ROSA with HCP product at the AWS console page by clicking the Get started button:

    rosa get started
    Figure 1. Get started

    If you have activated ROSA before but did not complete the process, you can click the button and complete the account linking as described in the following steps.

  2. Confirm that you want your contact information to be shared with Red Hat and enable the service:

    rosa enable 2
    Figure 2. Enable ROSA
    • You will not be charged by enabling the service in this step. The connection is made for billing and metering that will take place only after you deploy your first cluster. This could take a few minutes.

  3. After the process is completed, you will see a confirmation:

    rosa prereq enable 3
    Figure 3. ROSA enablement confirmation
  4. Other sections on this verification page show the status of additional prerequisites. In case any of these prerequisites are not met, a corresponding message is shown. Here is an example of insufficient quotas in the selected region:

    rosa service quota 4
    Figure 4. Service quotas
    1. Click the Increase service quotas button or use the Learn more link to get more information about the about how to manage service quotas. In the case of insufficient quotas, note that quotas are region-specific. You can use the region switcher in the upper right corner of the web console to re-run the quota check for any region you are interested in and then submit service quota increase requests as needed.

  5. If all the prerequisites are met, the page will look like this:

    rosa prereq 5
    Figure 5. Verify ROSA prerequisites

    The ELB service-linked role is created for you automatically. You can click any of the small Info blue links to get contextual help and resources.

AWS and Red Hat account and subscription linking

  1. Click the orange Continue to Red Hat button to proceed with account linking:

    rosa continue rh 6
    Figure 6. Continue to Red Hat
  2. If you are not already logged in to your Red Hat account in your current browser’s session, you will be asked to log in to your account:

    Your AWS account must be linked to a single Red Hat organization.

    rosa login rh account 7
    Figure 7. Log in to your Red Hat account
    • You can also register for a new Red Hat account or reset your password on this page.

    • Make sure to log in to the Red Hat account that you plan to associate with the AWS account where you have activated ROSA with HCP in previous steps.

    • The AWS account used for service billing can only be associated with a single Red Hat account. Typically an AWS payer account is the one that is used to subscribe to ROSA and used for account linking and billing.

    • All team members belonging to the same Red Hat organization can use the linked AWS account for service billing while creating ROSA with HCP clusters.

  3. Complete the Red Hat account linking after reviewing the terms and conditions:

    This step is available only if the AWS account was not linked to any Red Hat account before.

    This step is skipped if the AWS account is already linked to the user’s logged in Red Hat account.

    If the AWS account is linked to a different Red Hat account, an error will be displayed. See Correcting Billing Account Information for HCP clusters for troubleshooting.

    rosa rh account connection 8
    Figure 8. Complete your account connection

    Both the Red Hat and AWS account numbers are shown on this screen.

  4. Click the Connect accounts button if you agree with the service terms.

    If this is the first time you are using the Red Hat Hybrid Cloud Console, you will be asked to agree with the general managed services terms and conditions before being able to create the first ROSA cluster:

    rosa terms conditions 9
    Figure 9. Terms and conditions

    Additional terms that need to be reviewed and accepted are shown after clicking the View Terms and Conditions button:

    rosa terms conditions 9 5
    Figure 10. Red Hat terms and conditions

    Submit your agreement once you have reviewed any additional terms when prompted at this time.

  5. The Hybrid Cloud Console provides a confirmation that AWS account setup was completed and lists the prerequisites for cluster deployment:

    rosa cluster create 10
    Figure 11. Complete ROSA prerequisites

    The last section of this page shows cluster deployment options, either using the rosa CLI or through the web console:

    rosa cli ui 12
    Figure 12. Deploy the cluster and set up access

Selecting the AWS billing account for ROSA with HCP during cluster deployment using the CLI

Make sure that you have the most recent ROSA command line interface (CLI) and AWS CLI installed and have completed the ROSA prerequisites covered in the previous section. See Help with ROSA CLI setup and Instructions to install the AWS CLI for more information.

  1. Initiate the cluster deployment using the rosa create cluster command. You can click the copy button on the Set up Red Hat OpenShift Service on AWS (ROSA) console page and paste the command in your terminal. This launches the cluster creation process in interactive mode:

    rosa cli 15
    Figure 13. Deploy the cluster and set up access
  2. To use a custom AWS profile, one of the non-default profiles specified in your ~/.aws/credentials, you can add the –profile <profile_name> selector to the rosa create cluster command so that the command looks like rosa create cluster –profile stage. If no AWS CLI profile is specified using this option, the default AWS CLI profile will determine the AWS infrastructure profile into which the cluster is deployed. The billing AWS profile is selected in one of the following steps.

  3. When deploying a ROSA with HCP cluster, the billing AWS account needs to be specified:

    rosa create cli billing 17
    Figure 14. Specify the Billing Account
    • Only AWS accounts that are linked to the user’s logged in Red Hat account are shown.

    • The specified AWS account is charged for using the ROSA service.

    • An indicator shows if the ROSA contract is enabled or not enabled for a given AWS billing account.

      • If you select an AWS billing account that shows the Contract enabled label, on-demand consumption rates are charged only after the capacity of your pre-paid contract is consumed.

      • AWS accounts without the Contract enabled label are charged the applicable on-demand consumption rates.

Additional resources

Selecting the AWS billing account for ROSA with HCP during cluster deployment using the web console

  1. A cluster can be created using the web console by selecting the second option in the bottom section of the introductory Set up ROSA page:

    rosa deploy ui 19
    Figure 15. Deploy with web interface

    Complete the prerequisites before starting the web console deployment process.

    The rosa CLI is required for certain tasks, such as creating the account roles. If you are deploying ROSA for the first time, follow this the CLI steps until running the rosa whoami command, before starting the web console deployment steps.

  2. The first step when creating a ROSA cluster using the web console is the control plane selection. Make sure the Hosted option is selected before clicking the Next button:

    rosa deploy ui hcp 20
    Figure 16. Select hosted option
  3. The next step Accounts and roles allows you specifying the infrastructure AWS account, into which the ROSA cluster is deployed and where the resources are consumed and managed:

    rosa ui account 21
    Figure 17. AWS infrastructure account
    • Click the How to associate a new AWS account, if you don not see the account into which you want to deploy the ROSA cluster for detailed information on how to create or link account roles for this association.

    • The rosa CLI is used for this.

    • If you are using multiple AWS accounts and have their profiles configured for the AWS CLI, you can use the --profile selector to specify the AWS profile when working with the rosa CLI commands.

  4. The billing AWS account is selected in the immediately following section:

    rosa ui billing 22
    Figure 18. AWS billing account
    • Only AWS accounts that are linked to the user’s logged in Red Hat account are shown.

    • The specified AWS account is charged for using the ROSA service.

    • An indicator shows if the ROSA contract is enabled or not enabled for a given AWS billing account.

      • If you select an AWS billing account that shows the Contract enabled label, on-demand consumption rates are charged only after the capacity of your pre-paid contract is consumed.

      • AWS accounts without the Contract enabled label are charged the applicable on-demand consumption rates.

The following steps past the billing AWS account selection are beyond the scope of this tutorial.

Additional resources