Review this list of the required Amazon Web service (AWS) service quotas that are required to run an Red Hat OpenShift service on AWS cluster.
AWS Security Token service (STS) is the recommended credential mode for installing and interacting with clusters on Red Hat OpenShift service on AWS (ROSA) because it provides enhanced security. |
The table below describes the AWS service quotas and levels required to create and run one Red Hat OpenShift service on AWS cluster. Although most default values are suitable for most workloads, you might need to request additional quota for the following cases:
ROSA (classic architecture) clusters require a minimum AWS EC2 service quota of 100 vCPUs to provide for cluster creation, availability, and upgrades. The default maximum value for vCPUs assigned to Running On-Demand Standard Amazon EC2 instances is 5
. Therefore if you have not created a ROSA cluster using the same AWS account previously, you must request additional EC2 quota for Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances
.
Some optional cluster configuration features, such as custom security groups, might require you to request additional quota. For example, because ROSA associates 1 security group with network interfaces in worker machine pools by default, and the default quota for Security groups per network interface
is 5
, if you want to add 5 custom security groups, you must request additional quota, because this would bring the total number of security groups on worker network interfaces to 6.
The AWS SDK allows ROSA to check quotas, but the AWS SDK calculation does not account for your existing usage. Therefore, it is possible that the quota check can pass in the AWS SDK yet the cluster creation can fail. To fix this issue, increase your quota. |
If you need to modify or increase a specific quota, see Amazon’s documentation on requesting a quota increase. Large quota requests are submitted to Amazon Support for review, and take some time to be approved. If your quota request is urgent, contact AWS Support.
Quota name | service code | Quota code | AWS default | Minimum required | Description |
---|---|---|---|---|---|
Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances |
ec2 |
L-1216C47A |
5 |
100 |
Maximum number of vCPUs assigned to the Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances. The default value of 5 vCPUs is not sufficient to create ROSA clusters. ROSA has a minimum requirement of 100 vCPUs for cluster creation. |
Storage for General Purpose SSD (gp2) volume storage in TiB |
ebs |
L-D18FCD1D |
50 |
300 |
The maximum aggregated amount of storage, in TiB, that can be provisioned across General Purpose SSD (gp2) volumes in this Region. |
Storage for General Purpose SSD (gp3) volume storage in TiB |
ebs |
L-7A658B76 |
50 |
300 |
The maximum aggregated amount of storage, in TiB, that can be provisioned across General Purpose SSD (gp3) volumes in this Region. 300 TiB of storage is the required minimum for optimal performance. |
Storage for Provisioned IOPS SSD (io1) volumes in TiB |
ebs |
L-FD252861 |
50 |
300 |
The maximum aggregated amount of storage, in TiB, that can be provisioned across Provisioned IOPS SSD (io1) volumes in this Region. 300 TiB of storage is the required minimum for optimal performance. |
Quota name | service code | Quota code | AWS default | Minimum required | Description |
---|---|---|---|---|---|
EC2-VPC Elastic IPs |
ec2 |
L-0263D0A3 |
5 |
5 |
The maximum number of Elastic IP addresses that you can allocate for EC2-VPC in this Region. |
VPCs per Region |
vpc |
L-F678F1CE |
5 |
5 |
The maximum number of VPCs per Region. This quota is directly tied to the maximum number of internet gateways per Region. |
Internet gateways per Region |
vpc |
L-A4707A72 |
5 |
5 |
The maximum number of internet gateways per Region. This quota is directly tied to the maximum number of VPCs per Region. To increase this quota, increase the number of VPCs per Region. |
Network interfaces per Region |
vpc |
L-DF5E4CA3 |
5,000 |
5,000 |
The maximum number of network interfaces per Region. |
Security groups per network interface |
vpc |
L-2AFB9258 |
5 |
5 |
The maximum number of security groups per network interface. This quota, multiplied by the quota for rules per security group, cannot exceed 1000. |
Snapshots per Region |
ebs |
L-309BACF6 |
10,000 |
10,000 |
The maximum number of snapshots per Region |
IOPS for Provisioned IOPS SSD (Io1) volumes |
ebs |
L-B3A130E6 |
300,000 |
300,000 |
The maximum aggregated number of IOPS that can be provisioned across Provisioned IOPS SDD (io1) volumes in this Region. |
Application Load Balancers per Region |
elasticloadbalancing |
L-53DA6B97 |
50 |
50 |
The maximum number of Application Load Balancers that can exist in each region. |
Classic Load Balancers per Region |
elasticloadbalancing |
L-E9E9831D |
20 |
20 |
The maximum number of Classic Load Balancers that can exist in each region. |