What’s new


Red Hat OpenShift Service on AWS 4

Highlights of what is new and what has changed in Red Hat OpenShift Service on AWS

Red Hat OpenShift Documentation Team

Abstract

The release notes for Red Hat OpenShift Service on AWS summarize all new features and enhancements, notable technical changes, major corrections, and any known bugs upon general availability.

Find new additions, recent changes, and relevant updates for Red Hat OpenShift Service on AWS listed below in quarterly increments.

1.1. Q4 2025

  • New version of Red Hat OpenShift Service on AWS available. Red Hat OpenShift Service on AWS version 4.20 is now available for new clusters.
  • On-Demand Capacity Reservations and Capacity Blocks for ML now supported. You can now use pre-purchased Capacity Reservations when creating new machine pools on Red Hat OpenShift Service on AWS clusters. For more information, see Managing compute nodes.
  • ImageDigestMirrorSets (IDMS) now supported. Red Hat OpenShift Service on AWS now supports ImageDigestMirrorSets (IDMS), enabling clusters to redirect image pulls to a private, mirrored registry. This critical enhancement means customers in air-gapped or restricted networks can host their own mirrors for third-party images while satisfying strict security and compliance requirements. For more information, see Image registry mirroring for Red Hat OpenShift Service on AWS.
  • Red Hat OpenShift Service on AWS regions added. Red Hat OpenShift Service on AWS is now available in the following regions:

  • Extended Update Support (EUS) channel group now available. You can now select the EUS channel group when creating or editing your Red Hat OpenShift Service on AWS cluster. The EUS channel group allows you to extend the life cycle of your even-numbered version Red Hat OpenShift Service on AWS cluster, giving you additional time to plan and budget for future upgrades as well as providing continued security patches and critical bug fixes. For additional information, see Life cycle dates.

1.2. Q3 2025

  • New cluster deletion policy. Red Hat OpenShift Service on AWS clusters now have a new deletion policy. This policy is based on a set time period of customer non-response to service notifications. For more information, see Deletion policy. For specific revised terms and conditions, refer to Product Appendix 4.
  • Shared VPC for Red Hat OpenShift Service on AWS clusters. You can create Red Hat OpenShift Service on AWS clusters in shared, centrally-managed AWS virtual private clouds (VPCs). For more information, see Configuring a shared VPC for ROSA with HCP clusters.
  • Deprecated --private-link flags for Red Hat OpenShift Service on AWS clusters. Architectural changes to the ROSA CLI 1.2.55 make networking more flexible for Red Hat OpenShift Service on AWS clusters. The --private-link flag previously used when creating a Red Hat OpenShift Service on AWS cluster is now deprecated in favor of the --private and --default-ingress-private flags. Now, users can choose to have a combination of a public or private API with a public or private ingress. For more information, see Creating a private cluster on Red Hat OpenShift Service on AWS.
  • Changed default ingress listening method to begin with Day 1 operations. Previously, the default ingress listening method was a Day 2 operation. Now, the default ingress listening method is a Day 1 operation.

1.3. Q2 2025

  • Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes. Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.

    If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of Red Hat OpenShift Service on AWS without migrating to OVN-Kubernetes.

  • AWS Trainium and Inferentia instance types now supported. You can now use Amazon Web Services (AWS) Trainium and Inferentia instance types for your Red Hat OpenShift Service on AWS clusters. For more information, see Red Hat OpenShift Service on AWS instance types.
  • New version of Red Hat OpenShift Service on AWS available. Red Hat OpenShift Service on AWS version 4.19 is now available for new clusters. For more information about upgrading to this latest version, see Upgrading ROSA with HCP clusters.

1.4. Q1 2025

  • Cluster autoscaling is now available for Red Hat OpenShift Service on AWS. You can configure cluster autoscaling for Red Hat OpenShift Service on AWS. For more information, see Cluster autoscaling.
  • Red Hat OpenShift Service on AWS region added. Red Hat OpenShift Service on AWS is now available in the following regions:

    • Malaysia (ap-southeast-5)
    • Tel Aviv (il-central-1)
    • Calgary (ca-west-1)

      For more information on region availabilities, see Regions and availability zones.

  • New version of Red Hat OpenShift Service on AWS available. Red Hat OpenShift Service on AWS version 4.18 is now available. For more information about upgrading to this latest version, see Upgrading Red Hat OpenShift Service on AWS clusters.
  • Graphical installer enhancements. You can now use the graphical installer in Red Hat Hybrid Cloud Console to configure the following options when you create your cluster:

    • Configure a cluster-admin user and optionally define a custom password.
    • Configure the root disk size for the default machine pool.
  • Image configuration is now available for Red Hat OpenShift Service on AWS. You can configure registries within a cluster to exclude some registries or allow only a defined list. It also allows to expose additional trusted bundle for registries to pull from. For more information, see Image configuration resources for Red Hat OpenShift Service on AWS.
  • Red Hat OpenShift Service on AWS now creates independent security groups for the AWS PrivateLink endpoint and worker nodes. Red Hat OpenShift Service on AWS clusters version 4.17.2 and greater can now add additional AWS security groups to the AWS PrivateLink endpoint to allow additional ingress traffic to the cluster’s API. For more information, see Adding additional AWS security groups to the AWS PrivateLink endpoint.
  • Egress zero is now generally available on Red Hat OpenShift Service on AWS clusters. You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the --properties zero_egress:true flag when creating your cluster. For more information, see Creating a Red Hat OpenShift Service on AWS clusters with egress zero.

1.5. Q4 2024

  • Create a VPC using the ROSA CLI. The rosa create network command lets you use the ROSA CLI to create a VPC for your cluster based on an AWS CloudFormation template. You can use this command to create and configure a VPC before creating your cluster. For more information, see create network.
  • Create additional security groups in Red Hat OpenShift Service on AWS clusters. Starting with ROSA CLI version 1.2.47, you can now create additional security groups using the ROSA CLI when creating Red Hat OpenShift Service on AWS clusters. Note that additional security group IDs attached to the machine pool cannot be modified. To remove or add more security group IDs, replace the entire machine pool with a new one.
  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • VolumeDetachTimeout configuration applied to machine pools for Red Hat OpenShift Service on AWS. Red Hat OpenShift Service on AWS is applying a VolumeDetachTimeout configuration of 5 minutes to all machine pools. This prevents issues with node deletion when volumes fail to detach.
  • Configure machine pool disk volume for Red Hat OpenShift Service on AWS clusters. You can now configure the disk volume size for machine pools in Red Hat OpenShift Service on AWS clusters. The default disk size is 300 GiB, and you can configure it from a minimum of 75 GiB to a maximum of 16,384 GiB. For more information, see Configuring machine pool disk volume.
  • Edit the billing account for existing Red Hat OpenShift Service on AWS clusters. You can now update the billing account associated with your Red Hat OpenShift Service on AWS clusters after cluster creation. For more information, see Updating billing accounts for OpenShift Service on AWS Hosted Control Planes clusters.

1.6. Q3 2024

  • Red Hat OpenShift Service on AWS multi-architecture cluster update. Red Hat OpenShift Service on AWS clusters created before 25 July, 2024 will migrate to a multi-architecture image on their next upgrade allowing you to use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads. For more information, see Upgrading ROSA with HCP clusters.
  • Red Hat OpenShift Service on AWS cluster node limit update. Red Hat OpenShift Service on AWS clusters can now scale to 500 worker nodes. This is an increase from the previous limit of 250 nodes. The 250 node limit is an increase from the previous limit 90 nodes on 26 August, 2024.
  • IMDSv2 support in Red Hat OpenShift Service on AWS. You can now enforce the use of the IMDSv2 endpoint for default machine pool worker nodes on new Red Hat OpenShift Service on AWS clusters and for new machine pools on existing clusters. For more information, see Creating a default Red Hat OpenShift Service on AWS cluster using Terraform.
  • Upgrade multiple nodes simultaneously. You can now configure a machine pool to upgrade multiple nodes simultaneously. Two new machine pool parameters, max-surge and max-unavailable, give you greater control over how machine pool upgrades occur. For more information, see Upgrading Red Hat OpenShift Service on AWS clusters.
  • Red Hat OpenShift Service on AWS Graviton Arm-based instance types. You can now use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads in Red Hat OpenShift Service on AWS clusters created after 24 July, 2024. For more information, see AWS Graviton Arm-based instance types.
  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

1.7. Q2 2024

  • Approve additional principals for Red Hat OpenShift Service on AWS clusters. You can approve additional user-roles to connect to your cluster’s private API server endpoint. For more information, see Additional principals on your Red Hat OpenShift Service on AWS cluster.
  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • Approved Access for Red Hat OpenShift Service on AWS clusters. Red Hat Site Reliability Engineering (SRE) managing and proactively supporting Red Hat OpenShift Service on AWS clusters will typically not require elevated access to customer clusters as part of the normal operations. In the unlikely event should Red Hat SRE (Site Reliability Engineer) need elevated access, the Approved Access functionality provides an interface for customers to review and approve or deny access requests.

    Elevated access requests to Red Hat OpenShift Service on AWS clusters and the corresponding cloud accounts can be created by Red Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red Hat SRE, as part of the standard incident response process. For more information, see Approved Access.

  • rosa command enhancement. The rosa describe command has a new optional argument, --get-role-policy-bindings. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see describe cluster.
  • Expanded customer-managed policy capabilities. You can now attach customer-managed policies to the IAM roles required to run Red Hat OpenShift Service on AWS clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see Customer-managed policies.
  • Red Hat OpenShift Service on AWS regions added. Red Hat OpenShift Service on AWS is now available in the following regions:

    • Zurich (eu-central-2)
    • Hong Kong (ap-east-1)
    • Osaka (ap-northeast-3)
    • Spain (eu-south-2)
    • UAE (me-central-1)

      For more information on region availabilities, see Regions and availability zones.

  • Added support for external authentication providers. You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see Creating Red Hat OpenShift Service on AWS clusters with external authentication.
  • Longer cluster names enhancement. You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the domain-prefix flag in the ROSA CLI (rosa) or by selecting the Create custom domain prefix checkbox in the Red Hat Hybrid Cloud Console. For more information, see create cluster in Managing objects with the ROSA CLI.
  • Additional Security Groups for Red Hat OpenShift Service on AWS. Starting with ROSA CLI version 1.2.37, you can now use the --additional-security-group-ids <sec_group_id> when creating machine pools on ROSA with HCP clusters. For more information, see Creating a machine pool using the ROSA CLI and the create machinepool section of the ROSA CLI reference.
  • Node management improvements. Now, you can perform specific tasks to make clusters more efficient. You can cordon, uncordon, and drain a specific node. For more information, see Working with nodes.
  • Node drain grace periods. You can now configure node drain grace periods in ROSA with HCP clusters with the rosa CLI.

    For more information about configuring node drain grace periods, see Configuring node drain grace periods in Red Hat OpenShift Service on AWS.

1.8. Q1 2024

  • Machine pool update. You can now upgrade machine pools that are configured on ROSA with HCP clusters. For more information, see upgrade machinepool.
  • Red Hat OpenShift Service on AWS regions added. Red Hat OpenShift Service on AWS is now available in the following regions:

    • Hyderabad (ap-south-2)
    • Milan (eu-south-1)
    • London (eu-west-2)
    • Mumbai (ap-south-1)
    • Cape Town (af-south-1)
    • Seoul (ap-northeast-2)
    • Stockholm (eu-north-1)

      For more information on region availabilities, see Regions and availability zones.

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • Log linking is enabled by default. Beginning with Red Hat OpenShift Service on AWS 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.
  • Availability zone update. You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see Creating a machine pool using the ROSA CLI.
  • Delete cluster command enhancement. With the release of ROSA CLI (rosa) version 1.2.31, the --best-effort argument was added, which allows you to force-delete clusters when using the rosa delete cluster command. For more information, see delete cluster.

1.9. Known issues

  • The OpenShift Cluster Manager roles (ocm-role) and user roles (user-role) that are key to the Red Hat OpenShift Service on AWS provisioning wizard might get enabled accidentally in your Red Hat organization by another user. However, this behavior does not affect the usability.
  • The htpasswd identity provider does not function as expected in all scenarios against the rosa create admin function.

1.9.1. Deprecated and removed features

Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat OpenShift Service on AWS and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.

  • Disable workload monitoring. Previously, users could disable workload monitoring on Red Hat OpenShift Service on AWS clusters. However, to allow users to own the full Cluster Monitoring Operator (CMO) stack on Red Hat OpenShift Service on AWS clusters, the ability to disable workload monitoring has been deprecated. For more information, see Preparing to configure the user workload monitoring stack.
  • Label removal on core namespaces. Red Hat OpenShift Service on AWS is no longer labeling OpenShift core using the name label. Customers should migrate to referencing the kubernetes.io/metadata.name label if needed for Network Policies or other use cases.

Legal Notice

Copyright © 2025 Red Hat

OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).

Modified versions must remove all Red Hat trademarks.

Portions adapted from https://github.com/kubernetes-incubator/service-catalog/ with modifications by Red Hat.

Red Hat, Red Hat Enterprise Linux, the Red Hat logo, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat