Cloud Experts Documentation

Shared VPC

Deploying ROSA HCP in a Shared VPC Pattern

Red Hat OpenShift Service on AWS (ROSA) with Hosted Control Planes (HCP) supports a shared VPC deployment pattern where the cluster’s networking infrastructure (VPC, subnets, Route 53 hosted zones) lives in a centralized networking account while the ROSA cluster is owned by a separate workload account. This pattern is common in enterprises that use a hub-and-spoke networking model with AWS Organizations. This tutorial walks through deploying a private ROSA HCP cluster in a shared VPC using the rosa and aws CLI tools, including customer-managed KMS encryption for etcd and node volumes.

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat