

# What is Red Hat OpenShift Service on AWS?
<a name="what-is-rosa"></a>

 Red Hat OpenShift Service on AWS (ROSA) is a managed service that you can use to build, scale, and deploy containerized applications with the Red Hat OpenShift enterprise Kubernetes platform on AWS. ROSA streamlines moving on-premises Red Hat OpenShift workloads to AWS, and offers tight integration with other AWS services.

## Features
<a name="features"></a>

 ROSA is jointly supported and operated by AWS and Red Hat. Each ROSA cluster comes with 24-hour Red Hat site reliability engineer (SRE) support for cluster management, backed by Red Hat’s 99.95% uptime service-level agreement (SLA). For more information about the service’s support model, see [Getting ROSA support](rosa-support.md).

 ROSA also provides the following features:
+ Red Hat SRE-supported cluster installation, cluster maintenance, and cluster upgrades.
+ AWS service integrations, including AWS compute, database, analytics, machine learning, networking, and mobile.
+ Run and scale the Kubernetes control plane across multiple AWS Availability Zones to ensure high availability.
+ Operate clusters using OpenShift APIs and developer productivity tools, including Service Mesh, CodeReady Workspaces, and Serverless.

## Accessing ROSA
<a name="access-rosa"></a>

You can define and configure your ROSA service deployments using the following interfaces.

 **AWS** 
+  **ROSA console** — Provides a web interface to enable the ROSA subscription and purchase a ROSA software contract.
+  **AWS Command Line Interface (AWS CLI)** — Provides commands for a broad set of AWS services and is supported on Windows, macOS, and Linux. For more information, see [AWS Command Line Interface](https://aws.amazon.com/cli).

 **Red Hat OpenShift** 
+  **Red Hat Hybrid Cloud Console** — Provides a web interface to create, update, and manage ROSA clusters, install cluster add-ons, and create and deploy applications to a ROSA cluster.
+  **ROSA CLI (rosa)** — Provides commands to create, update, and manage ROSA clusters.
+  **OpenShift CLI (oc)** — Provides commands to create applications and manage OpenShift Container Platform projects.
+  **Knative CLI (kn)** - Provides commands that can be used to interact with OpenShift Serverless components, such as Knative Serving and Eventing.
+  **Pipelines CLI (tkn)** - Provides commands to interact with OpenShift Pipelines using the terminal.
+  **opm CLI** - Provides commands that help Operator developers and cluster administrators create and maintain OpenShift Operator catalogs from the terminal.
+  **Operator SDK CLI** - Provides commands that an Operator developer can use to build, test, and deploy an OpenShift operator.

## How to get started with ROSA
<a name="get-started-with-rosa"></a>

![\[How to get started\]](http://docs.aws.amazon.com/rosa/latest/userguide/images/rosa-get-started.png)


The following summarizes the getting started process for ROSA. For detailed getting started instructions, see [Get started with ROSA](getting-started.md).

 **AWS Management Console/AWS CLI** 

1. Configure permissions for AWS services that ROSA relies on to deliver service functionality. For more information, see [Prerequisites](getting-started-hcp.md#getting-started-hcp-prereqs).

1. Install and configure the latest AWS CLI tool. For more information, see [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the AWS CLI User Guide.

1. Enable ROSA in the [ROSA console](https://console.aws.amazon.com/rosa).

 **Red Hat Hybrid Cloud Console/ROSA CLI** 

1. Download the latest version of the ROSA CLI and OpenShift CLI from the [Red Hat Hybrid Cloud Console](https://console.redhat.com/openshift). For more information, see [Getting started with the ROSA CLI](https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html/rosa_cli/rosa-get-started-cli) in the Red Hat documentation.

1. Create ROSA clusters in the Red Hat Hybrid Cloud Console or with the ROSA CLI.

1. When your cluster is ready, configure an identity provider to grant user access to the cluster.

1. Deploy and manage workloads on your ROSA cluster the same way that you would with any other OpenShift environment.

## Pricing
<a name="pricing"></a>

The total cost of ROSA consists of two components: ROSA service fees and AWS infrastructure fees. For more information about pricing, see [Red Hat OpenShift Service on AWS Pricing](https://aws.amazon.com/rosa/pricing/).

### ROSA service fees
<a name="pricing-service-fees"></a>

By default, ROSA service fees accrue on demand at an hourly rate per 4 vCPU used by worker nodes. Service fees are uniform across all supported AWS standard Regions. In addition to the worker node service fee, ROSA with hosted control planes (HCP) clusters incur an hourly cluster fee.

 ROSA offers 1-year and 3-year service fee contracts that you can purchase for savings on the on-demand service fees for worker nodes. For more information, see [Purchasing a ROSA contract](integration-marketplace.md#rosa-contracts).

### AWS infrastructure fees
<a name="pricing-infrastructure-fees"></a>

 AWS infrastructure fees apply to the underlying worker nodes, infrastructure nodes, control plane nodes, storage, and network resources hosted on AWS global infrastructure. AWS infrastructure fees vary by AWS Region.

# Overview of responsibilities for ROSA
<a name="rosa-responsibilities"></a>

This documentation outlines the responsibilities of Amazon Web Services (AWS), Red Hat, and customers for the Red Hat OpenShift Service on AWS (ROSA) managed service. For more information about ROSA and its components, see [Policies and service definition](https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition) in the Red Hat documentation.

The [AWS shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model) defines AWS responsibility for protecting the infrastructure that runs all of the services offered in the AWS Cloud, including ROSA. AWS infrastructure includes the hardware, software, networking, and facilities that run AWS Cloud services. This AWS responsibility is commonly referred to as the “security of the cloud”. To operate ROSA as a fully managed service, Red Hat and the customer are responsible for the elements of the service that the AWS responsibility model defines as “security in the cloud”.

Red Hat is responsible for the ongoing management and security of the ROSA cluster infrastructure, the underlying application platform, and the operating system. While ROSA clusters are hosted on AWS resources in the customer AWS accounts, they are accessed remotely by ROSA service components and Red Hat site reliability engineers (SREs) through IAM roles that the customer creates. Red Hat uses this access to manage the deployment and capacity of all control plane and infrastructure nodes on the cluster, and maintain versions for the control plane nodes, infrastructure nodes, and worker nodes.

Red Hat and the customer share responsibility for ROSA network management, cluster logging, cluster versioning, and capacity management. While Red Hat manages the ROSA service, the customer is fully responsible for managing and securing any applications, workloads, and data deployed to ROSA.

## Overview
<a name="responsibility-overview"></a>

The following table provides an overview of AWS, Red Hat, and customer responsibilities for Red Hat OpenShift Service on AWS.

**Note**  
If the `cluster-admin` role is added to a user, see the responsibilities and exclusion notes in the [Red Hat Enterprise Agreement Appendix 4 (Online Subscription Services)](https://www.redhat.com/en/about/appendices).


|  **Resource**  |  **Incident and operations management**  |  **Change management**  |  **Access and identity authorization**  |  **Security and regulation compliance**  |  **Disaster recovery**  | 
| --- | --- | --- | --- | --- | --- | 
|   **Customer data**   |  Customer  |  Customer  |  Customer  |  Customer  |  Customer  | 
|   **Customer applications**   |  Customer  |  Customer  |  Customer  |  Customer  |  Customer  | 
|   **Developer services**   |  Customer  |  Customer  |  Customer  |  Customer  |  Customer  | 
|   **Platform monitoring**   |  Red Hat  |  Red Hat  |  Red Hat  |  Red Hat  |  Red Hat  | 
|   **Logging**   |  Red Hat  |  Red Hat and customer  |  Red Hat and customer  |  Red Hat and customer  |  Red Hat  | 
|   **Application networking**   |  Red Hat and customer  |  Red Hat and customer  |  Red Hat and customer  |  Red Hat  |  Red Hat  | 
|   **Cluster networking**   |  Red Hat  |  Red Hat and customer  |  Red Hat and customer  |  Red Hat  |  Red Hat  | 
|   **Virtual networking management**   |  Red Hat and customer  |  Red Hat and customer  |  Red Hat and customer  |  Red Hat and customer  |  Red Hat and customer  | 
|   **Virtual compute management (control plane, infrastructure, and worker nodes)**   |  Red Hat  |  Red Hat  |  Red Hat  |  Red Hat  |  Red Hat  | 
|   **Cluster version**   |  Red Hat  |  Red Hat and customer  |  Red Hat  |  Red Hat  |  Red Hat  | 
|   **Capacity management**   |  Red Hat  |  Red Hat and customer  |  Red Hat  |  Red Hat  |  Red Hat  | 
|   **Virtual storage management**   |  Red Hat  |  Red Hat  |  Red Hat  |  Red Hat  |  Red Hat  | 
|   **AWS software (public AWS services)**   |   AWS   |   AWS   |   AWS   |   AWS   |   AWS   | 
|   **Hardware/AWS global infrastructure**   |   AWS   |   AWS   |   AWS   |   AWS   |   AWS   | 

## Tasks for shared responsibilities by area
<a name="responsibility-tasks-by-area"></a>

 AWS, Red Hat, and customers share responsibility for the monitoring and maintenance of ROSA components. This documentation defines ROSA service responsibilities by area and task.

### Incident and operations management
<a name="incident-ops-management"></a>

 AWS is responsible for protecting the hardware infrastructure that runs all of the services offered in the AWS Cloud. Red Hat is responsible for managing the service components necessary for default platform networking. The customer is responsible for incident and operations management of customer application data and any custom networking the customer may have configured.


|  **Resource**  |  **Service responsibilities**  |  **Customer responsibilities**  | 
| --- | --- | --- | 
|   **Application networking**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual networking management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual storage management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **AWS software (public AWS services)**   |   **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Hardware/AWS global infrastructure**   |   **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 

### Change management
<a name="change-management"></a>

 AWS is responsible for protecting the hardware infrastructure that runs all of the services offered in the AWS Cloud. Red Hat is responsible for enabling changes to the cluster infrastructure and services that the customer will control, as well as maintaining versions for the control plane nodes, infrastructure nodes, and worker nodes. The customer is responsible for initiating infrastructure changes. The customer is also responsible for installing and maintaining optional services, networking configurations on the cluster, and changes to customer data and applications.


|  **Resource**  |  **Service responsibilities**  |  **Customer responsibilities**  | 
| --- | --- | --- | 
|   **Logging**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Application networking**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Cluster networking**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual networking management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual compute management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Cluster version**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Capacity management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual storage management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **AWS software (public AWS services)**   |   **AWS**   **Compute**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Storage**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Networking**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Hardware/AWS global infrastructure**   |   **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 

### Access and identity authorization
<a name="access-identity-auth"></a>

Access and identity authorization includes responsibilities for managing authorized access to clusters, applications, and infrastructure resources. This includes tasks such as providing access control mechanisms, authentication, authorization, and managing access to resources.


|  **Resource**  |  **Service responsibilities**  |  **Customer responsibilities**  | 
| --- | --- | --- | 
|   **Logging**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Application networking**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Cluster networking**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual networking management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual compute management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual storage management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **AWS software (public AWS services)**   |   **AWS**   **Compute**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Storage**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Networking**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Hardware/AWS global infrastructure**   |   **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 

### Security and regulation compliance
<a name="security-regulation-compliance"></a>

The following are the responsibilities and controls related to compliance:


|  **Resource**  |  **Service responsibilities**  |  **Customer responsibilities**  | 
| --- | --- | --- | 
|   **Logging**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual networking management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual compute management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual storage management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **AWS software (public AWS services)**   |   **AWS**   **Compute**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Storage**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Networking**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Hardware/AWS global infrastructure**   |   **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 

### Disaster recovery
<a name="disaster-recovery"></a>

Disaster recovery includes data and configuration backup, data replication and configuration of the disaster recovery environment, and failover on disaster events.


|  **Resource**  |  **Service responsibilities**  |  **Customer responsibilities**  | 
| --- | --- | --- | 
|   **Virtual networking management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual compute management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Virtual storage management**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **AWS software (public AWS services)**   |   **AWS**   **Compute**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Storage**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **Networking**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Hardware/AWS global infrastructure**   |   **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 

## Customer responsibilities for data and applications
<a name="customer-responsibilities"></a>

The customer is responsible for the applications, workloads, and data that they deploy to Red Hat OpenShift Service on AWS. However, AWS and Red Hat provide various tools to help the customer manage data and applications on the platform.


|  **Resource**  |  **How AWS and Red Hat help**  |  **Customer responsibilities**  | 
| --- | --- | --- | 
|   **Customer data**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 
|   **Customer applications**   |   **Red Hat**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  **AWS**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  |   **Customer**  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/rosa/latest/userguide/rosa-responsibilities.html)  | 

# ROSA architecture
<a name="rosa-architecture-models"></a>

 Red Hat OpenShift Service on AWS (ROSA) has the following cluster topologies:
+ Hosted control plane (HCP) - The control plane is hosted within Red Hat’s AWS account and managed by Red Hat. Worker nodes are deployed in the customer’s AWS account.
+ Classic - The control plane and worker nodes are deployed in the customer’s AWS account.

ROSA with HCP offers a more efficient control plane architecture that helps reduce the AWS infrastructure fees incurred when running ROSA and allows for faster cluster creation times. Both ROSA with HCP and ROSA classic can be enabled in the AWS ROSA console. You choose which architecture to use when you provision ROSA clusters using the ROSA CLI.

**Note**  
 ROSA offers FedRAMP High and HIPAA Qualified compliance certifications in AWS GovCloud on both classic and hosted control plane architectures. For more information, see [Compliance](https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws_classic_architecture/4/html/introduction_to_rosa/policies-and-service-definition#rosa-policy-process-security) in the Red Hat documentation.
 ROSA offers Federal Information Processing Standard (FIPS) endpoints in AWS GovCloud on both classic and hosted control plane architectures.

## Comparing ROSA with HCP and ROSA classic
<a name="rosa-architecture-differences"></a>

The following table compares ROSA with HCP and ROSA classic architecture models.


|  |  **ROSA with HCP**  |  **ROSA classic**  | 
| --- | --- | --- | 
|  Cluster infrastructure hosting  |  Control plane components, such as etcd, API server, and oauth, are hosted in a Red Hat-owned AWS account.  |  Control plane components, such as etcd, API server, and oauth, are hosted in a customer-owned AWS account.  | 
|   Amazon VPC   |  Worker nodes communicate with the control plane over [AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html).  |  Worker nodes and control plane nodes are deployed in the customer’s VPC.  | 
|   AWS Identity and Access Management   |  Uses AWS managed policies.  |  Uses customer managed policies that are defined by the service.  | 
|  Multi-zone deployment  |  The control plane is deployed across multiple Availability Zones (AZs).  |  The control plane can be deployed within a single AZ or across multiple AZs.  | 
|  Infrastructure nodes  |  Doesn’t use dedicated infrastructure nodes. Platform components are deployed to worker nodes.  |  Uses two single-AZ or three multi-AZ dedicated nodes to host platform components.  | 
|  OpenShift capabilities  |  Platform monitoring, image registry, and the ingress controller are deployed in the worker nodes.  |  Platform monitoring, image registry, and the ingress controller are deployed in dedicated infrastructure nodes.  | 
|  Cluster upgrades  |  The control plane and each machine pool can be upgraded separately.  |  The entire cluster must be upgraded at the same time.  | 
|  Minimum Amazon EC2 footprint  |  Two Amazon EC2 instances are needed to create a cluster.  |  Seven single-AZ or nine multi-AZ Amazon EC2 instances are needed to create a cluster.  | 
|   AWS Regions   |  For AWS Region availability, see [Red Hat OpenShift Service on AWS endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/rosa.html) in the *AWS General Reference Guide*.  |  For AWS Region availability, see [Red Hat OpenShift Service on AWS endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/rosa.html) in the *AWS General Reference Guide*.  | 