diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml
index 80df66ab96..ebbb4f9f44 100644
--- a/playbooks/openshift-apps/openscanhub.yml
+++ b/playbooks/openshift-apps/openscanhub.yml
@@ -111,6 +111,11 @@
     template: etc-resallocserver-pools-configmap.yml
     objectname: etc-resallocserver-pools-configmap
     when: env == "staging"
+  - role: openshift/object
+    app: openscanhub
+    template: vm-provisioning-configmap.yml
+    objectname: vm-provisioning-configmap
+    when: env == "staging"
   - role: openshift/object
     app: openscanhub
     template: aws-credentials-configmap.yml
diff --git a/roles/openshift-apps/openscanhub/templates/deployment-resalloc-server.yml b/roles/openshift-apps/openscanhub/templates/deployment-resalloc-server.yml
index 67c7ee83f1..929c049c62 100644
--- a/roles/openshift-apps/openscanhub/templates/deployment-resalloc-server.yml
+++ b/roles/openshift-apps/openscanhub/templates/deployment-resalloc-server.yml
@@ -38,6 +38,9 @@ spec:
           - mountPath: /etc/resallocserver/pools.yaml
             name: etc-resallocserver-pools-configmap
             subPath: pools.yaml
+          - mountPath: /etc/resallocserver/vm-provisioning/config
+            name: vm-provisioning-configmap
+            subPath: config
           - mountPath: /var/lib/resallocserver/.aws/credentials
             name: aws-credentials-configmap
             subPath: credentials
@@ -55,6 +58,9 @@ spec:
         - name: etc-resallocserver-pools-configmap
           configMap:
             name: etc-resallocserver-pools-config
+        - name: vm-provisioning-configmap
+          configMap:
+            name: vm-provisioning-config
         - name: aws-credentials-configmap
           configMap:
             name: aws-credentials-config
diff --git a/roles/openshift-apps/openscanhub/templates/vm-provisioning-config b/roles/openshift-apps/openscanhub/templates/vm-provisioning-config
new file mode 100644
index 0000000000..239ec2cc6e
--- /dev/null
+++ b/roles/openshift-apps/openscanhub/templates/vm-provisioning-config
@@ -0,0 +1,29 @@
+env={{ env }}
+
+declare -A \
+    aws_image \
+    aws_instance_type \
+
+# Use `c9s` image from CentOS community.
+# https://www.centos.org/download/aws-images/
+# TODO: We should build a custom image from it by running `osh-worker-role`.
+# That would reduce the time to spin up new workers.
+if [[ "$env" == "staging" ]]; then
+aws_image[x86_64]=ami-0322b3bb1843afd17
+else
+# Only tested images should be promoted to production.
+aws_image[x86_64]=ami-0322b3bb1843afd17
+fi
+
+# We only support `x86_64` arch for OpenScanHub.
+# https://issues.redhat.com/browse/OSH-60
+# aws_image[aarch64]=ami-005c0bc715b4dab5a
+
+# Static analysis requires significant amount of resources.
+# Use as powerful machines as we could.
+# https://aws.amazon.com/ec2/instance-types/c6i/
+# aws_instance_type[x86_64]=c6i.4xlarge
+aws_instance_type[x86_64]=c6i.2xlarge
+# aws_instance_type[aarch64]=t4g.medium
+
+export ANSIBLE_HOST_KEY_CHECKING=False
diff --git a/roles/openshift-apps/openscanhub/templates/vm-provisioning-configmap.yml b/roles/openshift-apps/openscanhub/templates/vm-provisioning-configmap.yml
new file mode 100644
index 0000000000..cbe7cfd28d
--- /dev/null
+++ b/roles/openshift-apps/openscanhub/templates/vm-provisioning-configmap.yml
@@ -0,0 +1,15 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: List
+metadata: {}
+items:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: vm-provisioning-config
+    labels:
+      app: openscanhub
+  data:
+    pools.yaml: |-
+      {{ load_file('vm-provisioning-config') }}