This section provides an overview of the options that are presented when you use the interactive mode to create a cluster through the rosa CLI.

Understanding the interactive cluster creation mode options

You can create a Red Hat OpenShift Service on AWS cluster with the AWS Security Token Service (STS) by using the interactive mode. You can enable the mode by specifying the --interactive option when you run rosa create cluster. The following table describes the interactive mode options.

Table 1. --interactive mode options
Field Description

Cluster name

Enter a name for your cluster, for example my-rosa-cluster.

Deploy cluster using AWS STS

Create an OpenShift cluster that uses the AWS Security Token Service (STS) to allocate temporary, limited-privilege credentials for component-specific AWS Identity and Access Management (IAM) roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices.

OpenShift version

Select the version of OpenShift to install, for example 4.3.12. The default is the latest version.

External ID (optional)

Specify an unique identifier that is passed by OpenShift Cluster Manager and the OpenShift installer when an account role is assumed. This option is only required for custom account roles that expect an external ID.

Operator roles prefix

Enter a prefix to assign to the cluster-specific Operator IAM roles. The default is the name of the cluster and a 4-digit random string, for example my-rosa-cluster-a0b1.

Multiple availability zones

Deploy the cluster to multiple availability zones in the AWS region. The default is No, which results in a cluster being deployed to a single availability zone. If you deploy a cluster into multiple availability zones, the AWS region must have at least 3 availability zones. Multiple availability zones are recommended for production workloads.

AWS region

Specify the AWS region to deploy the cluster in. This overrides the AWS_REGION environment variable.

PrivateLink cluster

Create a cluster using AWS PrivateLink. This option provides private connectivity between Virtual Private Clouds (VPCs), AWS services, and your on-premise networks, without exposing your traffic to the public internet. To provide support, Red Hat Site Reliability Engineering (SRE) can connect to the cluster by using AWS PrivateLink Virtual Private Cloud (VPC) endpoints. This option cannot be changed after a cluster is created. The default is No.

Install into an existing VPC

Install a cluster into an existing AWS VPC. To use this option, your VPC must have 2 subnets for each availability zone that you are installing the cluster into. The default is No.

Enable customer managed key

Enable this option to use the AWS Key Management Service (KMS) to help securely manage keys for encrypted data. The keys are used for control plane data volumes that are encrypted by default. Persistent volumes (PVs) for customer applications also use AWS KMS for key management. When enabled, the account KMS key for the region is used by default. The default is No.

Compute nodes instance type

Select a compute node instance type. The default is m5.xlarge.

Enable autoscaling

Enable compute node autoscaling. The autoscaler adjusts the size of the cluster to meet your deployment demands. The default is No.

Compute nodes

Specify the number of compute nodes to provision into each availability zone. Clusters deployed in a single availability zone require at least 2 nodes. Clusters deployed in multiple zones must have at least 3 nodes. The default is 2.

Machine CIDR

Specify the machine IP address range. A minimum IP address range of 128 addresses, using the subnet prefix /25, is supported for single availability zone deployments. A minimum address range of 256 addresses, using the subnet prefix /24, is supported for deployments that use multiple availability zones. The default is

Service CIDR

Specify the IP address range for services. The OpenShift SDN allows only one address block for services. The address block must not overlap with any other address block. The default is


Specify the pod IP address range. The OpenShift SDN network plug-in supports multiple cluster networks. The address blocks for multiple cluster networks must not overlap. The ranges must be large enough to accommodate your workload. The default is

Host prefix

Specify the subnet prefix length to assign to each individual node. For example, if the host prefix is set to 23, each node is assigned a /23 subnet in the CIDR address range. The default is 23.

Disable workload monitoring

Disable monitoring for user-defined projects. Monitoring for user-defined projects is enabled by default.

Additional resources