Chapter 8. Red Hat Cloud Access program overview


As part of your relationship with Red Hat, you are eligible to receive a number of benefits when running Red Hat products on the public cloud. These benefits make it easier for you to use Red Hat products and services.

These include gold images, which allow you to deploy Red Hat products in certified cloud and service providers, and also makes it simple to connect your systems to the Red Hat Content Delivery Network and analytic services such as Red Hat Insights.

8.1. Understanding gold images

Red Hat gold images are cloud-ready Red Hat virtual machine (VM) images available in select Red Hat Certified Cloud and Service Providers (CCSP) environments for Cloud Access customers. These images provide customers with an alternative to creating and using their own custom images from their own previously purchased subscriptions. Gold images are built and maintained by a trusted source and are available to customers with valid Red Hat subscriptions.

You can use gold images to deploy Red Hat instances in the cloud without having to build, maintain, and import your own images into the cloud provider’s environment.

8.1.1. When should I use a gold image?

Gold images are useful when you require little customization of the operating system or you will apply your customizations to the system at runtime, using an automation tool, such as Red Hat Ansible Automation Platform.

8.1.2. When should I not use a gold image?

Gold images are less useful if you require extreme customization of the operating system at build time, or if you prefer to include the customizations into the image itself. For example, many security hardening specifications, such the the DISA STIG require users to have exacting partition layouts. Gold images will generally not meet these requirements by default. It is recommended that RHEL image builder be used to create custom images for these types of stringent requirements.

8.1.4. Updates and repository availability

Options for delivering updates and patches to cloud instances deployed from gold images vary by image type and cloud provider.

8.2. Using gold images on Amazon Web Services (AWS)

Gold images can be used to provision VMs in AWS by using the standard interfaces: AWS GUI, AWS CLI, EC2 Console and AWS PowerShell Cmdlet.

AWS is preconfigured to use the Red Hat Update Infrastructure (RHUI).

AWS gold images meet the following conditions:

  • Built, maintained, and published by Red Hat
  • Available in AWS commercial regions but not in China or GovCloud (US)
  • Preconfigured to use the Red Hat Update Infrastructure (RHUI) running in EC2
  • RHEL, RHEL for SAP, Red Hat Middleware, and Red Hat Storage images

8.2.1. Naming and identifying gold images on AWS

There are multiple ways to search for and launch RHEL Amazon Machine Images (AMIs) in AWS. This includes the EC2 Management Console, AWS CLI, and PowerShell Cmdlet. The naming convention for the Red Hat AMIs in AWS is listed below.

  • Initial GA AMI release: [Red Hat Product]-[Version]-[Virtualization Type]_[Red Hat Release Type]-[Release Date]-[Minor Version Release AMI Iteration]-[Subscription Model]-[EBS Volume Type]
  • After the initial GA AMI release: [Red Hat Product]-[Version]-[Virtualization Type]-[Release Date]-[Minor Version Release AMI Iteration]-[Subscription Model]-[EBS Volume Type]
Note

The Red Hat gold images will have the designation of Access in the AMI Name representing the subscription model.

Red Hat gold images are published under the Owner ID 309956199498. You can ensure that you are using official Red Hat gold images by looking for this Owner ID when you choose an image.

8.2.2. Locating gold images in the AWS GUI

  1. Go to the Hybrid Cloud Console and sign in to your Red Hat account.
  2. Create a connection between your Red Hat account and your cloud provider account in the Integrations application.

    1. Select the Settings icon.
    2. Click Integrations.
  3. Select Amazon Web Services.
  4. Enter a descriptive name for the source, for example, AWS_prod, and click Next.
  5. Select the configuration mode you want to use:

    • Account Authorization: When selecting this option, you will provide your AWS access key ID and secret access keys so that Red Hat can verify ownership of the cloud account. Additionally, this information is saved so that additional Red Hat services (such as cost management) can be configured.

      Note

      On the Select applications page, RHEL management is selected by default. This selection is required.

    • Manual Authorization: When selecting this option, you will provide an Amazon Resource Number (ARN) which will be used only for this service.

8.2.3. Locating gold images in the AWS CLI

This example command displays all of the RHEL 8.3 AMIs in the US-East-1 region that were shared with the AWS account provided during enrollment in Cloud Access using the AWS CLI. The AWS CLI Command Reference provides additional documentation regarding available options, commands, subcommands, and parameters.

Copy to Clipboard Toggle word wrap
$ aws ec2 describe-images --owners 309956199498 \
> --filters "Name=is-public,Values=false" \>
"Name=name,Values=RHEL*8.3*GA*Access*" \
> --region us-east-1

8.2.4. Locating gold images in the AWS EC2 Console

When working in the EC2 Management Console, there is a menu item for AMIs under the IMAGES section within the left-side navigation pane. In this view, using the designation of Private images displays the gold images that have been shared with the AWS account provided during enrollment.

Note

When in this section of the EC2 Management Console, it is possible to add a filter of Owner : 309956199498, which limits the displayed AMIs to those that were shared with the AWS account after enrolling in Cloud Access.

It is possible to further filter the list of displayed AMIs by adding an additional filter representing different aspects of the AMI Name that Red Hat uses, such as AMI Name : RHEL, AMI Name :.

An example AMI Name is RHEL-8.3.0_HVM-20201031-x86_64-0-Access2-GP2.

If you use the Launch Instance button from the EC2 Dashboard section of the EC2 Management Console and you select My AMIs, the filter Shared with me filters the listed AMIs to show the gold images that have been shared with the AWS account provided during enrollment.

8.2.5. Locating gold images in the AWS PowerShell Cmdlet

This example command displays all of the RHEL 8.3 AMIs in the US-East-1 region that were shared with the AWS account provided during enrollment in Cloud Access using the AWS Tools for Cmdlet.

Copy to Clipboard Toggle word wrap
PS > Get-EC2Image -Region us-east-1 `
>> -Owner 309956199498 -Filter `
>> @{ Name="name" ; Values="RHEL*8.3*" }

8.3. Using gold images on Azure

Gold images can be used to provision RHEL VMs in Azure for bring your own subscription (BYOS) by using the standard interfaces: Azure Portal, Azure CLI, or PowerShell Cmdlet.

Azure gold images meet the following conditions:

  • Built, maintained, and published by Microsoft
  • Available in Azure commercial regions but not in China or government regions.
  • RHEL images only
  • Not eligible for Azure Hybrid Benefit

8.3.1. Naming and identifying gold images on Azure

There are multiple ways to search for and launch RHEL gold images in Azure. This includes the Azure Portal, Azure CLI, and PowerShell Cmdlet. The naming convention for the Red Hat gold images in Azure is RedHat:[Offering Name]:[Red Hat Product]-[OS Disk Type]-[Azure VM Generation]:[Red Hat Version].[Red Hat Release].[Image Creation Date].

An example gold image Uniform Resource Name (URN) is RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715.

8.3.2. Locating gold images using Azure Lighthouse

Procedure

  1. Enter a descriptive name for the source, for example, Azure_build, and click Next.
  2. Select the RHEL management bundle service and click Next.

    Note

    Cost Management is only used for Red Hat OpenShift Container Platform.

  3. Follow the steps to create an offline token.
  4. Complete the configuration steps in Azure Lighthouse.
  5. When you return to the wizard, click Next.
  6. Log in to your Azure account and navigate to your subscriptions. Copy the subscription ID that you want to use and paste it into the Subscription ID field.
  7. Click Next.
  8. Review the details of your integration, and then click Add to add the integration.

If you want to complete registration in Azure with an Ansible script, use the following steps:

Prerequisites

You can run the Ansible commands on any system with package ansible-galaxy installed that also has access to an Azure instance running inside your Azure account.

Procedure

  1. Follow the steps to create an offline token. See Red Hat API Tokens to generate an offline token.

    Note

    If you have generated an offline token in the last thirty days, you do not need to generate a new token.

  2. Save the offline token where it can be easily accessed for the next step.
  3. Download the Ansible playbook and run the Ansible commands remotely against a running Azure VM, substituting your Azure instance hostname or IP address and your offline token.

    Copy to Clipboard Toggle word wrap
    [user@machine ~] ansible-galaxy collection install redhatinsights.subscriptions
    
    [user@machine ~] ansible-playbook -i <{Microsoft}_VM_HOSTNAME_OR_IP>, -u azureuser -b ~/.ansible/collections/ansible_collections/redhatinsights/subscriptions/playbooks/verify_account.yml -e rh_api_refresh_token=<OFFLINE_AUTH_TOKEN> --private-key ./<PEM_FILE_FOR_VM_AUTH>

    You can also run the following commands directly on a running Azure VM:

    Copy to Clipboard Toggle word wrap
    [azureuser@vm ~]$ ansible-galaxy collection install redhatinsights.subscriptions
    
    [azureuser@vm ~]$ ansible-playbook -i <AZURE_VM_HOSTNAME>, --connection=local -b ~/.ansible/collections/ansible_collections/redhatinsights/subscriptions/playbooks/verify_account.yml -e rh_api_refresh_token=<OFFLINE)AUTH_TOKEN>
    Note

    The integration will be displayed in the Integrations list, but will not reflect true status or resources for this integration. You cannot monitor this integration from the Integrations service in the Hybrid Cloud Console.

  4. When the Ansible commands complete successfully, click Next.
  5. Review the details and then click Add to finish the Azure integration creation.

You can use the Integrations configuration dashboard to view, modify, or remove any of your cloud integrations. This dashboard also provides links where you can learn more about related Red Hat services, such as Insights and the subscriptions service.

Additional resources

8.3.3. Locating gold images in the Azure CLI

  1. Make sure that you are using an Azure subscription that was enabled for Cloud Access.

    Copy to Clipboard Toggle word wrap
    az account show
  2. Display the list of available RHEL gold images.

    Copy to Clipboard Toggle word wrap
    az vm image list --publisher RedHat --offer rhel-byos --all
  3. Find the gold image version you want to use and copy the URN. You need this URN to provision a VM.

8.3.4. Locating gold images in the Azure PowerShell Cmdlet

This example command displays all of the RHEL gold images in the US East region that were shared with the Azure account provided during enrollment in Cloud Access.

Copy to Clipboard Toggle word wrap
Get-AzVMImageSku -Location "East US" -PublisherName RedHat -Offer rhel-byos

8.3.5. Using gold images on Azure

Using the Azure Portal

  1. View the private offers as described in Steps 3 and 4 of Locating gold images in Azure Lighthouse
  2. Click the Create drop-down menu to select the RHEL gold image version that you want to use. The remaining provisioning steps are the same as any other RHEL Marketplace image.

Using the Azure CLI

  1. Use the image URN from Step 3 of Locating gold images in the Azure CLI to accept Azure terms (only once per Azure Subscription, per image).

    Copy to Clipboard Toggle word wrap
    az vm image terms accept --urn RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715
Note

You must have a resource group defined before you run the following command.

  1. Provision a VM by using the az vm create command.

    Copy to Clipboard Toggle word wrap
    az vm create -n my-rhel-byos-vm -g my-rhel-byos-group --image RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715

8.4. Using gold images on Google

Gold images can be used to provision RHEL VMs in Google Cloud for bring your own subscription (BYOS) by using the standard interfaces: Google Cloud Console, Google Cloud shell, and gcloud CLI.

Google Cloud gold images meet the following conditions:

  • Built, maintained, and published by Google
  • Available in Google Cloud commercial regions
  • RHEL images only

The following steps show how to identify the gold images and deploy a RHEL VM from a gold image by using the Google Cloud Console UI, Google Cloud Cloud Shell, and gcloud CLI.

8.4.1. Naming and identifying gold images on Google

After your Google group has been granted access to the Google Cloud gold images, you will be able to find them in the rhel-byos-cloud google project. This is a special project that limits access to the RHEL gold images for only Cloud Access customers.

The naming convention for Red Hat gold images in Google Cloud is: [Red Hat Product]-[Version]-byos-[Image Creation Date].

Examples:

  • rhel-7-byos-v20210916
  • rhel-8-byos-v20210916

8.4.2. Locating gold images in the Google Cloud console

Procedure

  1. Sign in to the Google Cloud console at Google Cloud using a Google group or account that has been enabled for Cloud Access.
  2. Create or select the project where you want to deploy the RHEL VM.
  3. Verify you can see the RHEL gold images.

    1. Open a Cloud Shell.
    2. Enter the following command to list all of the available RHEL gold images:

      Copy to Clipboard Toggle word wrap
      gcloud compute images list --project rhel-byos-cloud --no-standard-images

8.4.3. Locating gold images in the gcloud CLI

  1. Make sure that you are using a Google group or account that has been enabled for cloud access:

    Copy to Clipboard Toggle word wrap
    gcloud info | grep account
  2. Display the list of available Red Hat gold images:

    Copy to Clipboard Toggle word wrap
    gcloud compute images list --project rhel-byos-cloud --no-standard-images
  3. View details of a specific image:

    Copy to Clipboard Toggle word wrap
    gcloud compute images describe rhel-8-byos-v20210916 --project rhel-byos-cloud

8.4.4. Creating a new Red Hat Enterprise Linux VM using a Google gold image

Procedure

Using the Google Cloud Console

  1. Navigate to Google Cloud Console>Home>Dashboard.
  2. From the Navigation menu, select Compute Engine>VM Instances.
  3. Click Create Instances.
  4. Find the Boot Disk section on the VM instance configuration page and click Change.
  5. Select the Custom Images tab.
  6. Click Select A Project and select the rhel-byos-cloud project.
  7. From the Images dropdown list, choose the gold image that you want to use and click Select.
  8. Change any other VM instance configuration settings and then click Create.

Using the Google Cloud shell or gcloud CLI

  1. Use the gcloud compute images list command to find the name of the gold image that you want to use.
  2. Create a new RHEL VM:

    Copy to Clipboard Toggle word wrap
    gcloud compute instances create my-rhel8-byos --image rhel-8-byos-v20210916 --image-project rhel-byos-cloud --zone us-east1-b
  3. View details of the new RHEL VM:

    Copy to Clipboard Toggle word wrap
    gcloud compute instances describe my-rhel8-byos --zone us-east1-b

8.5. Understanding auto-registration

In certain cloud providers, Red Hat supports an account-wide registration method known as auto-registration. When auto-registration is enabled, instead of running a command on each system to register it to Red Hat, an administrator can configure their cloud provider account such that any kind of Red Hat Enterprise Linux that is instantiated in that cloud provider account will automatically connect to Red Hat.

Auto-registration allows Red Hat Enterprise Linux systems within a trusted cloud provider account to register to Red Hat and connect to systems for Red Hat Insights analytics, usage reporting, and content updates without additional manual configuration by the system administrator.

For example:

  • Prior to the existence of auto-registration, to register a system to Red Hat for updates or analytics, an administrator would run the subscription-manager command or the rhc command on each system to connect them.
  • With auto-registration, these steps are no longer required. Systems in a trusted cloud account will automatically connect to Red Hat updates and Red Hat Insights.

Auto-registration requires three core components:

  • A version of the subscription-manager package which can (and has been explicitly configured to) perform the auto-registration process for the cloud provider in question.
  • A service hosted by Red Hat which maintains a mapping of Red Hat accounts and cloud provider accounts.
  • An interface to allow the user to associate their Red Hat account with their cloud provider account.

Figure 8.1. Cloud-based auto-registration workflow

Cloud Based Auto-Registration for Red Hat Enterprise Linux
Note

Beginning with Red Hat Enterprise Linux 9.6 or later versions, and Red Hat Enterprise Linux 10 or later versions, a newer version of the auto-registration function is available in RHEL as part of the subscription-manager package. For the purpose of clarity, and to distinguish behavior from the previous version of the auto-registration function, this documentation refers to the newer version of auto-registration function as version 2.

Currently, version 2 of the auto-registration function is included in certain RHEL third party marketplace images (images sold by Red Hat). These images are currently made available on Amazon Web Services and Microsoft Azure cloud provider marketplaces.

For more information about the differences in version 2 of auto-registration, see Registering systems with auto-registration version 2.

8.5.1. What cloud providers support auto-registration

Amazon Web Services (AWS), Microsoft Azure, and Google Cloud support auto-registration. Government or disconnected regions (such as AWS GovCloud or Microsoft Azure Government) do not support auto-registration.

8.5.2. How do I know if my system supports auto-registration?

Red Hat Enterprise Linux versions 7.9.z, 8.3.1, 9.0 or later all support auto-registration.

8.5.3. How do I know if my system is configured to use auto-registration?

You can confirm if your system is using auto-registration by running the subscription-manager config command, which displays the contents of the /etc/rhsm/rhsm.conf file.

Copy to Clipboard Toggle word wrap
[server]

hostname = [subscription.rhsm.redhat.com]
insecure = [0]
no_proxy = []
port = [443]
prefix = [/subscription]
proxy_hostname = []
proxy_password = []
proxy_port = []
proxy_scheme = [http]
proxy_user = []
server_timeout = [180]
ssl_verify_depth = [3]

[rhsm]

auto_enable_yum_plugins = [1]
baseurl = [https://cdn.redhat.com]
ca_cert_dir = [/etc/rhsm/ca/]
consumercertdir = [/etc/pki/consumer]
entitlementcertdir = [/etc/pki/entitlement]
full_refresh_on_yum = [0]
inotify = [1]
manage_repos = 0
package_profile_on_trans = [0]
pluginconfdir = [/etc/rhsm/pluginconf.d]
plugindir = [/usr/share/rhsm-plugins]
productcertdir = [/etc/pki/product]
repo_ca_cert = /etc/rhsm/ca/redhat-uep.pem
repomd_gpg_url = []
report_package_profile = [1]

[rhsmcertd]

auto_registration = 1
auto_registration_interval = [60]
autoattachinterval = [1440]
certcheckinterval = [240]
disable = [0]
splay = [1]

[logging]
default_log_level = [INFO]

[] - Default value in use

There are four key settings for auto-registration:

auto_registration = 1
This setting determines whether subscription-manager attempts to register through auto-registration. The default value for this setting is 0, where no auto-registration is attempted. For a value of 1, auto-registration is attempted. The value of this setting is changed to a value of 1 during the production of cloud images for the cloud marketplaces that support auto-registration.
auto_registration_interval = 60

This setting defines the interval by which auto-registration is attempted. Auto-registration is attempted three times per invocation of the rhsmcertd service, with each instance occurring at this interval. For example, if this value is set to 60, a system will attempt to auto-register three times, 60 minutes apart. If auto-registration is unsuccessful after three tries, the rhsmcertd service issues no further registration attempts until the service is restarted.

Note

In cloud images, rhsmcertd service is configured to run at boot time, so a restart of the instance also restarts the rhsmcertd service and the auto-registration attempts.

manage_repos = 0
This setting determines how subscription-manager manages the Red Hat Content Delivery Network provided code content in the /etc/yum.repos.d/redhat.repo file. The default value is 1, which allows Red Hat Enterprise Linux systems to use content from either the CDN or a Red Hat Satellite Server. However, content in public clouds is generally delivered through Red Hat Update Infrastructure (RHUI), so this value is set to 0 for auto-registration. A hybrid approach that uses both RHUI and the CDN for updates is uncommon, but can be supported by setting this value back to its default value of 1.
splay = 1
This setting applies a random offset during registration to randomize the check-in of systems. This random offset distributes workload so that a large number of systems that are started at approximately the same time do not check in at the same time.

8.5.4. Configuring the system to use Red Hat Insights

After a system is registered, you can configure the system to use the Insights services. You can do this with two methods, either by running the insights-client -register command, or by running the rhc connect command. Depending on your version of Red Hat Enterprise Linux and the configuration of your cloud images, the redhat-cloud-client-configuration package might be installed with the image. In this scenario, it is not necessary to run a command to configure the system to use the Insights services. This configuration is done automatically in that case.

8.5.5. Registering systems with auto-registration version 2

An updated version of the auto-registration function is available in RHEL in the subscription-manager package for Red Hat Enterprise Linux 9.6 or later versions, and Red Hat Enterprise Linux 10 or later versions. This version 2 of the auto-registration function is included in certain cloud provider RHEL third party marketplace images (images sold by Red Hat). These images are currently made available on the Amazon Web Services and Microsoft Azure cloud provider marketplaces.

In addition to the existing benefits of the previous version of auto-registration, where Red Hat Enterprise Linux systems in a trusted cloud provider account can automatically register to Red Hat and connect to services for Red Hat Insights analytics, usage reporting, and content updates, version 2 of auto-registration includes the following enhancements:

  • A new enablement for the registration of systems regardless of the existence of a Red Hat account at the time of purchase, through the registration of those systems to an anonymous Red Hat organization that is unique to the cloud provider account.
  • A new method to claim the contents from the anonymous organization into a non-anonymous Red Hat organization by creating a trusted connection between the cloud provider account and a Red Hat account.
  • A new simplified mechanism for establishing this trusted connection, in addition to the existing mechanism through the Red Hat Hybrid Cloud Console Integrations service.

The following optimized workflow demonstrates the steps for working with the updated auto-registration function, summarizing the process from making a cloud purchase of an eligible subscription, completing post-purchase steps, and linking your cloud provider and Red Hat accounts to take advantage of the automation in auto-registration version 2.

Note

These steps begin with a recommendation to create a Red Hat account if you do not have one. For pre-paid annual cloud provider marketplace subscriptions, creation of a Red Hat account is not required to make a purchase. However, creating a Red Hat account first includes the following benefits:

  • Streamlines the account connection and subsequent registration process.
  • Provides access to additional benefits such as systems management and analytics through Red Hat Insights services, and systems usage reporting and subscription inventory information through the subscription services.
  • Provides access to the Red Hat Knowledgebase, including restricted Red Hat Knowledgebase articles and solutions. For more information, see the Red Hat customers from a public cloud marketplace accessing knowledgebase article.
  • Provides easier access to Red Hat Support. Without an account, you must contact Red Hat Support directly by telephone. With an account, you can also use the Red Hat Support web client at Contact Red Hat to open support cases.

If you decide that you will not create a Red Hat account before your purchase, the subscriptions that you purchase will be assigned to an anonymous Red Hat organization that is unique to your cloud provider account. You can later claim the anonymous organization and the subscriptions in it by creating a connection between your cloud provider account and your Red Hat account. This claim process also uses the steps in the following procedure.

  1. Before purchasing a cloud provider marketplace subscription for RHEL, create a Red Hat account if you do not have one. For more information about Red Hat accounts, see Your Red Hat account.
  2. Purchase a third party marketplace subscription (images sold by Red Hat) of RHEL 9.6 or later and RHEL 10 or later. These versions specifically support the newer version 2 auto-registration process.
  3. After the purchase is complete, follow the link to connect your cloud provider account and your Red Hat account. You have two options to complete this step:

    • Option 1: Locate the post-purchase email from the cloud provider that is sent to the email address associated with your cloud account. This email is sent soon after the purchase is complete. Included in that email is a link to help you configure the connection between accounts. Click that link and follow the instructions from your cloud provider.
    • Option 2: In your cloud provider management tools, locate the purchases for this account. Find the new RHEL purchase, click the setup option, and follow the instructions from your cloud provider.
  4. Either of the previous two options opens a page to log in to the Red Hat Hybrid Cloud Console, if you are not already logged in. Enter your Red Hat account credentials to proceed. The Complete your account connection page of the Hybrid Cloud Console opens.

    Note

    From the page to log in to the Red Hat Hybrid Cloud Console, you can also follow the instructions to create a Red Hat account if you do not have one.

  5. Review the terms and conditions for connecting cloud provider accounts and Red Hat accounts and select the Terms and conditions check box to agree. To complete the connection between your accounts, click Connect accounts.

After you complete these steps, the following conditions are true, where the reference to eligible subscriptions is related to the subscriptions that currently support version 2 of auto-registration, RHEL 9.6 or later and RHEL 10 or later.

  • The cloud provider account and the Red Hat account used in these steps are connected.
  • The subscription used in these steps is associated with this Red Hat account and organization.
  • New systems that are instantiated from the image in the subscription are automatically registered to Red Hat subscription management.
  • Other eligible subscriptions currently in this cloud provider account are also associated with this Red Hat account and organization.
  • New systems that are instantiated from these subscriptions are automatically registered to Red Hat subscription management.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat, Inc.