diff --git a/docs/platform/concepts/byoc.md b/docs/platform/concepts/byoc.md index 85dfad6d..8a16c182 100644 --- a/docs/platform/concepts/byoc.md +++ b/docs/platform/concepts/byoc.md @@ -1,7 +1,7 @@ --- title: Bring your own cloud (BYOC) sidebar_label: Bring your own cloud -keywords: [AWS, Amazon Web Services, GCP, Google Cloud Platform, private deployment, public deployment, byoc, bring your own cloud, custom cloud] +keywords: [AWS, Amazon Web Services, GCP, Google Cloud Platform, private deployment, public deployment, byoc, bring your own cloud, custom cloud, backup] --- import Tabs from '@theme/Tabs'; @@ -10,6 +10,7 @@ import byocAwsPrivate from "@site/static/images/content/figma/byoc-aws-private.p import byocAwsPublic from "@site/static/images/content/figma/byoc-aws-public.png"; import byocGcpPrivate from "@site/static/images/content/figma/byoc-gcp-private.png"; import byocGcpPublic from "@site/static/images/content/figma/byoc-gcp-public.png"; +import byocHowItWorks from "@site/static/images/content/figma/byoc-how-it-works.png"; _Bring your own cloud_ (BYOC) allows you to use your own cloud infrastructure instead of relying on the Aiven-managed infrastructure. @@ -21,11 +22,30 @@ project, or organization has specific requirements. With BYOC, your Aiven organization gets connected with your cloud provider account by creating _custom clouds_ in your Aiven organization. +## How it works + A custom cloud is a secure environment within your cloud provider account to run Aiven-managed data services. By enabling BYOC, creating custom clouds, and setting up Aiven services within the custom clouds, you can manage your infrastructure on the Aiven platform while keeping your data in your own cloud. +How BYOC works + +1. [Enable BYOC](/docs/platform/howto/byoc/enable-byoc) in your Aiven organization by + setting up a call with the Aiven sales team to share your use case and its requirements. +1. [Create a custom cloud](/docs/platform/howto/byoc/create-custom-cloud) in the Aiven + Console or CLI by providing cloud setup details essential to generate your custom cloud + infrastructure template. +1. **Integrate your cloud account with Aiven** by applying the infrastructure template for + [AWS](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#deploy-the-template) + or + [Google Cloud](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#deploy-the-template). +1. [Deploy services](/docs/platform/howto/byoc/manage-byoc-service) by creating new + Aiven-managed services in the custom cloud or migrating existing Aiven-managed services + to the custom cloud. +1. **View Aiven-managed assets in your cloud account**: You can preview Aiven-managed + services and infrastructure in your cloud account. + ## Why use BYOC Consider using BYOC and custom clouds if you have specific business @@ -49,13 +69,12 @@ needs or project requirements, such as: strategies to save on compute and storage infrastructure costs related to Aiven services. -## Who is eligible for BYOC {#eligible-for-byoc} +## Who is eligible for BYOC The BYOC setup is a bespoke service offered on a case-by-case basis, and not all cloud providers support it yet. You're eligible for BYOC if: -- You use Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure - (excluding Azure Germany), or Oracle Cloud Infrastructure (OCI). +- You use Amazon Web Services (AWS) or Google Cloud. - You have a commitment deal with Aiven. - You have the [Advanced or Premium support tier](/docs/platform/howto/support). @@ -96,7 +115,7 @@ may have and potentially leverage enterprise discounts in certain cases. For a cost estimate and analysis, contact your account team. ::: -## BYOC architecture {#byoc-deployment} +## BYOC architecture @@ -107,21 +126,26 @@ In the AWS private deployment model, a Virtual Private Cloud (**BYOC VPC**) for services is created within a particular cloud region in your remote cloud account. Aiven accesses this VPC from a static IP address and routes traffic through a proxy for additional security. To accomplish this, Aiven -utilizes a bastion host (**Bastion node**) physically separated from the Aiven services +utilizes a bastion host (**Bastion node**) logically separated from the Aiven services you deploy. The service VMs reside in a privately addressed subnet (**Private subnet**) and are accessed by the Aiven management plane via the bastion. They are not -accessible through the Internet. +accessible through the internet. :::note Although the bastion host and the service nodes reside in the VPC under your management (**BYOC VPC**), they are not accessible (for example, via SSH) to anyone outside Aiven. -The bastion and workload nodes require outbound access to the Internet +The bastion and workload nodes require outbound access to the internet to work properly (supporting HA signaling to the Aiven management node and RPM download from Aiven repositories). ::: +Object storage in your AWS cloud account is where service's +[backups](/docs/platform/concepts/byoc#byoc-service-backups) and +[cold data](/docs/platform/howto/byoc/store-data#byoc-tiered-storage) are stored using +two S3 buckets. + @@ -129,18 +153,24 @@ from Aiven repositories). In the AWS public deployment model, a Virtual Private Cloud (**BYOC VPC**) for your Aiven services is created within a particular cloud region in your remote cloud account. -Aiven accesses this VPC through an Internet gateway. Service VMs reside in a publicly +Aiven accesses this VPC through an internet gateway. Service VMs reside in a publicly addressed subnet (**Public subnet**), and Aiven services can be accessed -through the public Internet: the Aiven control plane connects to the nodes +through the public internet: the Aiven control plane connects to the nodes using the public address, and the Aiven management plane can access the service VMs -directly. +directly. To restrict access to your service, you can use the +[IP filter](/docs/platform/howto/restrict-access). + +Object storage in your AWS cloud account is where service's +[backups](/docs/platform/concepts/byoc#byoc-service-backups) and +[cold data](/docs/platform/howto/byoc/store-data#byoc-tiered-storage) are stored using +two S3 buckets. - + -BYOC GCP private architecture +BYOC Google Cloud private architecture -In the GCP private deployment model, a Virtual Private Cloud (**BYOC VPC**) for your Aiven -services is created within a particular cloud region in your remote cloud account. +In the Google Cloud private deployment model, a Virtual Private Cloud (**BYOC VPC**) for +your Aiven services is created within a particular cloud region in your remote cloud account. Within the **BYOC VPC**, there are: - **Public subnet** for the bastion node @@ -148,33 +178,44 @@ Within the **BYOC VPC**, there are: Aiven accesses the **BYOC VPC** from a static IP address and routes traffic through a proxy for additional security. To accomplish this, Aiven -utilizes a bastion host (**Bastion note**) physically separated from the Aiven services +utilizes a bastion host (**Bastion note**) logically separated from the Aiven services you deploy. The service VMs reside in a privately addressed subnet (**Private subnet**) and are accessed by the Aiven management plane via the bastion. They are not -accessible through the Internet. +accessible through the internet. :::note Although the bastion host and the service nodes reside in the VPC under your management (**BYOC VPC**), they are not accessible (for example, via SSH) to anyone outside Aiven. -The bastion and workload nodes require outbound access to the Internet +The bastion and workload nodes require outbound access to the internet to work properly (supporting HA signaling to the Aiven management node and RPM download from Aiven repositories). ::: +Object storage in your Google Cloud organization is +where service's [backups](/docs/platform/concepts/byoc#byoc-service-backups) and +[cold data](/docs/platform/howto/byoc/store-data#byoc-tiered-storage) are stored using +Google **Cloud Storage** buckets. + - + -BYOC GCP public architecture +BYOC Google Cloud public architecture -In the GCP public deployment model, a Virtual Private Cloud (**Workload VPC**) for your -Aiven services is created within a particular cloud region in your remote cloud account. -Aiven accesses this VPC through an Internet gateway. Service VMs reside in a publicly -addressed subnet (**Public subnet**), and Aiven services can be accessed -through the public Internet: the Aiven control plane connects to the nodes +In the Google Cloud public deployment model, a Virtual Private Cloud (**Workload VPC**) +for your Aiven services is created within a particular cloud region in your remote cloud +account. Aiven accesses this VPC through an internet gateway. Service VMs reside in a +publicly addressed subnet (**Public subnet**), and Aiven services can be accessed +through the public internet: the Aiven control plane connects to the nodes using the public address, and the Aiven management plane can access the service VMs -directly. +directly. To restrict access to your service, you can use the +[IP filter](/docs/platform/howto/restrict-access). + +Object storage in your Google Cloud organization is +where service's [backups](/docs/platform/concepts/byoc#byoc-service-backups) and +[cold data](/docs/platform/howto/byoc/store-data#byoc-tiered-storage) are stored using +Google **Cloud Storage** buckets. @@ -182,18 +223,23 @@ Firewall rules are enforced on the subnet level. You can integrate your services using standard VPC peering techniques. All Aiven communication is encrypted. -## BYOC and backups +## BYOC service backups + +Depending on the BYOC service, Aiven takes +[regular service backups](/docs/platform/concepts/service_backups) to enable forking, point +in time recovery (PITR), and disaster recovery. -Depending on the service used, Aiven takes regular backups to enable -forking, point in time recovery (PITR), and disaster recovery. These -backups by default do not reside in your cloud. If there is a -requirement to have all backups in your own cloud account, it's still possible. -To accomplish this, Aiven needs read-write permissions to access the object storage on -your cloud account. +BYOC-hosted services have user-owned backups stored in object storage in your AWS +account or your Google Cloud organization. Backups reside in: + +- S3 buckets for AWS BYOC environments +- Cloud Storage buckets for Google Cloud BYOC environments :::important -All backups are encrypted using Aiven-managed keys, and you are -responsible for managing object storage configurations. + +- All backups are encrypted using Aiven-managed keys. +- You are responsible for managing object storage configuration. + ::: ## Dev tools for BYOC @@ -205,9 +251,8 @@ Aiven deployment model. ## Related pages -- [Enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc) - [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) -- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) +- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service) diff --git a/docs/platform/concepts/service_backups.md b/docs/platform/concepts/service_backups.md index 9a9eacf2..2fee3a9f 100644 --- a/docs/platform/concepts/service_backups.md +++ b/docs/platform/concepts/service_backups.md @@ -334,3 +334,9 @@ backups, see For more information on Aiven for ClickHouse backups, see [Backup and restore](/docs/products/clickhouse/concepts/disaster-recovery). + +## BYOC service backups + +Learn about +[backups for services hosted in custom clouds](/docs/platform/concepts/byoc#byoc-service-backups) +or [bring your own cloud (BYOC)](/docs/platform/concepts/byoc) environments. diff --git a/docs/platform/howto/byoc/add-customer-info-custom-cloud.md b/docs/platform/howto/byoc/add-customer-info-custom-cloud.md index f08b6369..244840c7 100644 --- a/docs/platform/howto/byoc/add-customer-info-custom-cloud.md +++ b/docs/platform/howto/byoc/add-customer-info-custom-cloud.md @@ -86,9 +86,7 @@ team if needed. ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Enable the bring your own cloud (BYOC) feature](/docs/platform/howto/byoc/enable-byoc) -- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) - [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) +- [Rename a custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) - [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) diff --git a/docs/platform/howto/byoc/assign-project-custom-cloud.md b/docs/platform/howto/byoc/assign-project-custom-cloud.md index 90951344..acbe0812 100644 --- a/docs/platform/howto/byoc/assign-project-custom-cloud.md +++ b/docs/platform/howto/byoc/assign-project-custom-cloud.md @@ -105,9 +105,7 @@ custom cloud, you can: ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Enable the bring your own cloud (BYOC) feature](/docs/platform/howto/byoc/enable-byoc) -- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) - [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) +- [Rename a custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) - [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) diff --git a/docs/platform/howto/byoc/create-custom-cloud.md b/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud.md similarity index 62% rename from docs/platform/howto/byoc/create-custom-cloud.md rename to docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud.md index 3fb67629..7e7d1c5f 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.md +++ b/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud.md @@ -1,7 +1,7 @@ --- -title: Create a custom cloud -sidebar_label: Create custom clouds -keywords: [AWS, Amazon Web Services, Microsoft Azure, GCP, Google Cloud Platform, byoc, bring your own cloud, custom cloud, OCI, Oracle Cloud Infrastructure] +title: Create an AWS-integrated custom cloud +sidebar_label: Amazon Web Services +keywords: [AWS, Amazon Web Services, byoc, bring your own cloud, custom cloud] --- import ConsoleLabel from "@site/src/components/ConsoleIcons"; @@ -10,131 +10,45 @@ import TabItem from '@theme/TabItem'; Create a [custom cloud](/docs/platform/concepts/byoc) for BYOC in your Aiven organization to better address your specific business needs or project requirements. -:::note - -- Creating and using custom clouds in your Aiven organization requires - enabling - [the _bring your own cloud (BYOC)_ feature](/docs/platform/concepts/byoc). Check - [who is eligible for BYOC](/docs/platform/concepts/byoc#eligible-for-byoc). To - use the feature, - [enable BYOC in your Aiven organization](/docs/platform/howto/byoc/enable-byoc). -- Enabling - [the BYOC feature](/docs/platform/concepts/byoc) or creating custom clouds in your - Aiven environment does not affect the configuration of your existing organizations, - projects, or services. This only makes the new BYOC capabilities available in your - environment. - -::: - -The process of creating a custom cloud in Aiven differs depending on the -cloud provider to integrate with: - - - -You configure your custom cloud setup in the [Aiven -Console](https://console.aiven.io/) and prepare your own AWS account so -that Aiven can access it. In the [Aiven Console](https://console.aiven.io/), -you follow the **Create custom cloud** workflow to generate a Terraform -infrastructure-as-code (IaC) template. Next, you deploy this template in -your AWS account to acquire IAM Role ARN (Amazon Resource Name). You -supply your IAM Role ARN into the **Create custom cloud** wizard, which -gives Aiven the permissions to securely access your AWS account, create -resources, and manage them onward. Finally, you select projects that can -use your new custom clouds for creating services, and you add customer -contacts for your custom cloud. - - -You create and configure a custom cloud via CLI, and you prepare your remote GCP account so -that Aiven can access it. Using the Aiven CLI, you generate an infrastructure-as-code -(IaC) template in the Terraform format. You download the template and deploy it in your -remote GCP cloud account to generate a privilege-bearing service account (SA), which Aiven -needs for accessing your GCP account only with permissions that are required. - -:::note -Privilege-bearing service account (SA) is an -[identifier](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account) -of the [service account](https://cloud.google.com/iam/docs/service-account-types#user-managed) -created when running the IaC template in your Google account. Aiven [impersonates this -service account](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct) -and runs operations, such as creating VMs for service nodes, in your BYOC account. -::: - -Next, you deploy your custom cloud resources supplying the generated privilege-bearing SA -as a parameter. Finally, you select in which Aiven projects to use your custom cloud, and -you assign a contact person for your custom cloud. - - -If you use Azure or OCI as a cloud provider, you'll have your -custom cloud created by the Aiven team. Just -[enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc) and specify your -requirements. The Aiven team will build your custom cloud according to the specification -you provide. There are no further actions required from you to create your custom cloud. -The Aiven team might reach out to you for more details and will follow up with you to keep -you informed on the progress. - - +To configure a custom cloud in your Aiven organization and prepare your AWS +account so that Aiven can access it: -## Limitations {#byoc-limitations} +1. In the Aiven Console or with the Aiven CLI client, you specify new cloud details to + generate a Terraform infrastructure-as-code template. +1. You download the generated template and deploy it in your AWS account to acquire IAM + Role ARN (Amazon Resource Name). +1. You deploy your custom cloud resources supplying the acquired IAM Role ARN to the Aiven + platform, which gives Aiven the permissions to securely access your AWS account, create + resources, and manage them onward. +1. You select projects that can use your new custom clouds for creating services. +1. You add contact details for individuals from your organization that Aiven can reach out + to in case of technical issues with the new cloud. -- You need at least the Advanced tier of Aiven support services to be - eligible for activating BYOC. +## Before you start - :::note - See [Aiven support tiers](https://aiven.io/support-services) and - [Aiven responsibility matrix](https://aiven.io/responsibility-matrix) for BYOC. - Contact your account team to learn more or upgrade your support tier. - ::: - -- You can create custom clouds yourself (via the BYOC self-service) if your cloud - provider is AWS (in the [Aiven Console](https://console.aiven.io/)) or GCP (via [Aiven - CLI client](/docs/tools/cli/byoc)). - For Azure & OCI, [request creating a custom cloud](/docs/platform/howto/byoc/enable-byoc) - from the Aiven team. -- Only [super admins](/docs/platform/howto/make-super-admin) can create custom clouds. +### Prerequisites -## Prerequisites {#byoc-prerequisites} - - - - You have [enabled the BYOC feature](/docs/platform/howto/byoc/enable-byoc). - You have an active account with your cloud provider. -- Depending on the dev tool to use for creating a custom cloud, you have: - - Access to the [Aiven Console](https://console.aiven.io/) or - - [Aiven CLI client](/docs/tools/cli) installed +- Depending on the tool to use for creating a custom cloud: + - Console: Access to the [Aiven Console](https://console.aiven.io/) or + - CLI: + - [Aiven CLI client](/docs/tools/cli) installed + - Aiven organization ID from the output of the `avn organization list` command or + from the [Aiven Console](https://console.aiven.io/) > + \> . - You have the [super admin](/docs/platform/howto/make-super-admin) role in your Aiven organization. - You have Terraform installed. -- You have required [IAM permissions](#iam-permissions) - - -- You have [enabled the BYOC feature](/docs/platform/howto/byoc/enable-byoc). -- You have an active account with your cloud provider. -- You have the [Aiven CLI client](/docs/tools/cli) installed. -- You have the [super admin](/docs/platform/howto/make-super-admin) role in your Aiven - organization. -- You have [Terraform](/docs/tools/terraform) installed. -- You have required [IAM permissions](#iam-permissions). -- You have your Aiven organization ID from: - - - Output of the `avn organization list` command - - [Aiven Console](https://console.aiven.io/) > - \> . - - - -You have access to the [Aiven Console](https://console.aiven.io/) to -[enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc). - - +- You have required + [IAM permissions](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#iam-permissions). ### IAM permissions You need cloud account credentials set up on your machine so that your user or role has required Terraform permissions -[to integrate with your cloud provider](/docs/platform/howto/byoc/create-custom-cloud#create-cloud). +[to integrate with your cloud provider](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#create-a-custom-cloud). - -
Show permissions required for creating resources for bastion and workload networks @@ -485,65 +399,49 @@ Show permissions required for creating resources for bastion and workload networ ```
- - -
-Show permissions needed by your service account that will run the Terraform script in your -Google project - -- `roles/iam.serviceAccountAdmin` (sets up impersonation to the privilege-bearing service account) -- `roles/resourcemanager.projectIamAdmin` (provides permissions to the privilege-bearing - service account to use your project) -- `roles/compute.instanceAdmin.v1` (manages networks and instances) -- `roles/compute.securityAdmin` (creates firewall rules) -- Enable [Identity and Access Management (IAM) API](https://cloud.google.com/iam/docs/reference/rest) - to create the privilege-bearing service account -- Enable - [Cloud Resource Manager (CRM) API](https://cloud.google.com/resource-manager/reference/rest) - to set IAM policies to the privilege-bearing service account -- Enable - [Compute Engine API](https://console.cloud.google.com/marketplace/product/google/compute.googleapis.com). -
-For more information on Google Cloud roles, see -[IAM basic and predefined roles reference](https://cloud.google.com/iam/docs/understanding-roles) -in the Goodle Cloud documentation. - - -The Aiven team will talk to you to determine required permissions. - - -## Create a custom cloud {#create-cloud} +## Create a custom cloud -How you create a custom cloud in Aiven depends on what cloud provider you use. +Create a custom cloud either in the Aiven Console or with the Aiven CLI. - + #### Launch the BYOC setup -1. Log in to the [Aiven Console](https://console.aiven.io/), and go to a organization. +1. Log in to the [Aiven Console](https://console.aiven.io/), and go to an organization. 1. Click **Admin** in the top navigation, and click in the sidebar. 1. In the **Bring your own cloud** view, select **Create custom cloud**. -#### Generate an infrastructure template {#generate-infra-template} +#### Generate an infrastructure template In this step, an IaC template is generated in the Terraform format. In -[the next step](/docs/platform/howto/byoc/create-custom-cloud#deploy-template), +[the next step](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#deploy-the-template), you'll deploy this template in your AWS account to acquire Role ARN (Amazon Resource Name), which Aiven needs for accessing your AWS account. In the **Create custom cloud** wizard: -1. Specify the following: +1. Specify cloud details: + - Cloud provider + - Region - Custom cloud name + - [Infrastructure tags](/docs/platform/howto/byoc/tag-custom-cloud-resources) - - Cloud provider + Click **Next**. - - Region +1. Specify deployment and storage details: + + - [Deployment model](/docs/platform/concepts/byoc#byoc-architecture) + + Choose between: + - Private model, which routes traffic through a proxy for additional security + utilizing a bastion host logically separated from the Aiven services. + - Public model, which allows the Aiven control plane to connect to the service + nodes via the public internet. - CIDR @@ -580,24 +478,27 @@ In the **Create custom cloud** wizard: cannot change the BYOC VPC CIDR block after your custom cloud is created. - - Deployment model: Choose between - [the private architecture and the public architecture](/docs/platform/concepts/byoc). + - Remote storage (BYOC-hosted) - - Private model routes traffic through a proxy for additional security utilizing - a bastion host physically separated from the Aiven services. - - Public model allows the Aiven control plane to connect to the service nodes - via the public internet. + By default, the following data is stored in object storage in your own cloud account: - - Infrastructure tags: Select key-value pairs to - [tag your custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources). + - Cold data (learn more about the + [BYOC tiered storage](/docs/platform/howto/byoc/store-data#byoc-tiered-storage)) + - Service backups -1. Select **Next**. + :::note + - Data is stored in your object storage using one S3 bucket per custom cloud. + - Permissions for S3 bucket management will be included in the Terraform + infrastructure template to be generated upon completing this step. + ::: + + Click **Generate template**. Your IaC Terraform template gets generated based on your inputs. You can view, copy, or download it. Now, you can use the template to -[acquire Role ARN](/docs/platform/howto/byoc/create-custom-cloud#deploy-template). +[acquire Role ARN](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#deploy-the-template). -#### Deploy the template{#deploy-template} +#### Deploy the template Role ARN is an [identifier of the role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) @@ -607,10 +508,11 @@ role](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) and run operations such as creating VMs for service nodes in your BYOC account. -Use the Terraform template generated in step -[Generate an infrastructure template](/docs/platform/howto/byoc/create-custom-cloud#generate-infra-template) -to create your Role ARN by deploying the template in your -AWS account. Continue working in the **Create custom cloud** wizard: +Use the +[generated Terraform template](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#generate-an-infrastructure-template) +to create your Role ARN by deploying the template in your AWS account. + +Continue working in the **Create custom cloud** wizard: 1. Copy or download the template and the variables file from the **Create custom cloud** wizard. @@ -637,13 +539,13 @@ AWS account. Continue working in the **Create custom cloud** wizard: as an option. ::: -1. Find the role identifier (Role ARN) in the output script after +1. Find a role identifier (Role ARN) in the output script after running the template. -1. Enter Role ARN into the **Role ARN** field in the **Create custom +1. Enter Role ARN into the **IAM role ARN** field in the **Create custom cloud** wizard. -1. Select **Next** to proceed or park your cloud setup and save +1. Click **Next** to proceed or park your cloud setup and save your current configuration as a draft by selecting **Save draft**. You can resume creating your cloud later. @@ -661,24 +563,14 @@ Your cloud can be available in: - Selected organizational units - Specific projects only -Continue working in the **Create custom cloud** wizard: - -1. In the **Custom cloud's availability in your organization** - section, select either: - - - **By default for all projects** to make your custom cloud - available in all existing and future projects in the - organization - - or +To set up your cloud's availability in the **Create custom cloud** wizard > +the **Assign BYOC to projects** section, select one of the two following options: - - **By selection** to pick specific projects or organizational - units where you want your custom cloud to be available. - -1. If you go for the **By selection** option, menus **Assign organizational units** and - **Assign projects** show up. Use them to - select organizational units and/or projects in which to use your custom - cloud. +- **By default for all projects** to make your custom cloud + available in all existing and future projects in the + organization +- **By selection** to pick specific projects or organizational + units where you want your custom cloud to be available. :::note By selecting an organizational unit, you make your custom cloud @@ -687,27 +579,26 @@ available from all the projects in this unit. #### Add customer contacts -Select at least one person whom Aiven can contact in case any technical -issues with your custom cloud need fixing. +Select at least one person whom Aiven can contact in case of any technical +issues with your custom cloud. :::note **Admin** is a mandatory role, which is required as a primary support contact. ::: -1. In the **Customer contacts** section, select a contact person's - role using the **Job title** menu, and provide their email +In the **Create custom cloud** wizard > the **Customer contacts** section: + +1. Select a contact person's role using the **Job title** menu, and provide their email address in the **Email** field. 1. Use **+ Add another contact** to add as many customer contacts as needed for your custom cloud. -1. Select **Create**. +1. Click **Save and validate**. -The custom cloud process has been initiated for you, which is -communicated in the the **Create custom cloud** wizard as **Creating -your custom cloud**. +The custom cloud process has been initiated. #### Complete the cloud setup -Select **Close** to close the **Create custom cloud** wizard. +Select **Done** to close the **Create custom cloud** wizard. The deployment of your new custom cloud might take a few minutes. As soon as it's over, and your custom cloud is ready to use, you'll be @@ -718,16 +609,18 @@ cloud** view. Your new custom cloud is ready to use only after its status changes to **Active**. ::: + + - -1. Generate an IaC template by running [avn byoc create](/docs/tools/cli/byoc#avn-byoc-create). +1. Generate an infrastructure template by running + [avn byoc create](/docs/tools/cli/byoc#avn-byoc-create). ```bash avn byoc create \ --organization-id "ORGANIZATION_ID" \ --deployment-model "DEPLOYMENT_MODEL_NAME" \ - --cloud-provider "google" \ + --cloud-provider "aws" \ --cloud-region "CLOUD_REGION_NAME" \ --reserved-cidr "CIDR_BLOCK" \ --display-name "CUSTOM_CLOUD_DISPLAY_NAME" @@ -738,19 +631,19 @@ Your new custom cloud is ready to use only after its status changes to - `ORGANIZATION_ID` with the ID of your Aiven organization to connect with your own cloud account to create the custom cloud, for example `org123a456b789`. Get your `ORGANIZATION_ID` - [from the Aiven Console or CLI](#byoc-prerequisites). - - `DEPLOYMENT_MODEL_NAME` with the type of [network architecture](/docs/platform/concepts/byoc#byoc-deployment) + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites). + - `DEPLOYMENT_MODEL_NAME` with the type of [network architecture](/docs/platform/concepts/byoc#byoc-architecture) your custom cloud uses: - `standard_public` (public) model: The nodes have public IPs and can be configured to be publicly accessible for authenticated users. The Aiven control plane can connect to the service nodes via the public internet. - `standard` (private) model: The nodes reside in a VPC without public IP addresses and are by default not accessible from outside. Traffic is routed through a proxy - for additional security utilizing a bastion host physically separated from the + for additional security utilizing a bastion host logically separated from the Aiven services. - - `CLOUD_REGION_NAME` with the name of a Google region where to create your custom cloud, + - `CLOUD_REGION_NAME` with the name of an AWS cloud region where to create your custom cloud, for example `europe-north1`. See all available options in - [Google Cloud regions](/docs/platform/reference/list_of_clouds#google-cloud). + [AWS cloud regions](/docs/platform/reference/list_of_clouds#amazon-web-services). - `CIDR_BLOCK` with a CIDR block defining the IP address range of the VPC that Aiven creates in your own cloud account, for example: `10.0.0.0/16`, `172.31.0.0/16`, or `192.168.0.0/20`. @@ -764,7 +657,7 @@ Your new custom cloud is ready to use only after its status changes to ```json { "custom_cloud_environment": { - "cloud_provider": "google", + "cloud_provider": "aws", "cloud_region": "europe-north1", "contact_emails": [ { @@ -775,7 +668,7 @@ Your new custom cloud is ready to use only after its status changes to ], "custom_cloud_environment_id": "018b6442-c602-42bc-b63d-438026133f60", "deployment_model": "standard", - "display_name": "My BYOC Cloud on Google", + "display_name": "My BYOC Cloud on AWS", "errors": [], "reserved_cidr": "10.0.0.0/16", "state": "draft", @@ -804,7 +697,7 @@ Your new custom cloud is ready to use only after its status changes to - `ORGANIZATION_ID` with the ID of your Aiven organization to connect with your own cloud account to create the custom cloud, for example `org123a456b789`. Get your `ORGANIZATION_ID` - [from the Aiven Console or CLI](#byoc-prerequisites). + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites). - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) command, for example `018b6442-c602-42bc-b63d-438026133f60`. @@ -822,7 +715,7 @@ Your new custom cloud is ready to use only after its status changes to - `ORGANIZATION_ID` with the ID of your Aiven organization to connect with your own cloud account to create the custom cloud, for example `org123a456b789`. Get your `ORGANIZATION_ID` - [from the Aiven Console or CLI](#byoc-prerequisites). + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites). - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) command, for example `018b6442-c602-42bc-b63d-438026133f60`. @@ -833,7 +726,7 @@ Your new custom cloud is ready to use only after its status changes to To connect to a custom-cloud service from different security groups (other than the one dedicated for the custom cloud) or from IP address ranges, add specific ingress rules before you apply a - Terraform infrastructure template in your GCP account in the process + Terraform infrastructure template in your AWS cloud account in the process of creating a custom cloud resources. Before adding ingress rules, see the examples provided in the @@ -842,24 +735,23 @@ Your new custom cloud is ready to use only after its status changes to ::: 1. Use Terraform to deploy the infrastructure template with the provided variables in - your GCP account. This will generate a privilege-bearing service account (SA). + your AWS cloud account. This will generate a Role ARN. :::important When running `terraform plan` and `terraform apply`, add `-var-file=FILE_NAME.vars` as an option. ::: - 1. Find `privilege_bearing_service_account_id` in the output script after running - the template. + 1. Find `aws-iam-role-arn` in the output script after running the template. 1. Provision resources by running [avn byoc provision](/docs/tools/cli/byoc#avn-byoc-provision) - and passing the generated `google-privilege-bearing-service-account-id` as an option. + and passing the generated `aws-iam-role-arn` as an option. ```bash avn byoc provision \ --organization-id "ORGANIZATION_ID" \ --byoc-id "CUSTOM_CLOUD_ID" \ - --google-privilege-bearing-service-account-id "GENERATED_SERVICE_ACCOUNT_ID" + --aws-iam-role-arn "GENERATED_ROLE_ARN" ``` Replace the following: @@ -867,15 +759,13 @@ Your new custom cloud is ready to use only after its status changes to - `ORGANIZATION_ID` with the ID of your Aiven organization to connect with your own cloud account to create the custom cloud, for example `org123a456b789`. Get your `ORGANIZATION_ID` - [from the Aiven Console or CLI](#byoc-prerequisites). + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites). - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) command, for example `018b6442-c602-42bc-b63d-438026133f60`. - - `GENERATED_SERVICE_ACCOUNT_ID` with the identifier of the service account - created when running the infrastructure template in your Google Cloud account, - for example - `projects/your-project/serviceAccounts/cce-cce0123456789a@your-project.iam.gserviceaccount.com`. - You can extract `GENERATED_SERVICE_ACCOUNT_ID` from the output of the `terraform apply` + - `GENERATED_ROLE_ARN` with the identifier of the role created when running the + infrastructure template in your AWS cloud account. + You can extract `GENERATED_ROLE_ARN` from the output of the `terraform apply` command or `terraform output` command. 1. Enable your custom cloud in organizations, projects, or units by running @@ -893,7 +783,7 @@ Your new custom cloud is ready to use only after its status changes to - `ORGANIZATION_ID` with the ID of your Aiven organization to connect with your own cloud account to create the custom cloud, for example `org123a456b789`. Get your `ORGANIZATION_ID` - [from the Aiven Console or CLI](#byoc-prerequisites). + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites). - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) command, for example `018b6442-c602-42bc-b63d-438026133f60`. @@ -926,76 +816,17 @@ Your new custom cloud is ready to use only after its status changes to - `ORGANIZATION_ID` with the ID of your Aiven organization to connect with your own cloud account to create the custom cloud, for example `org123a456b789`. Get your `ORGANIZATION_ID` - [from the Aiven Console or CLI](#byoc-prerequisites). + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites). - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) command, for example `018b6442-c602-42bc-b63d-438026133f60`. - - -To integrate with the Azure or OCI cloud providers, you'll have your custom cloud created -by the Aiven team. [Enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc) and -follow up with the Aiven team from there. -## Check your cloud's status - -1. Log in to [Aiven Console](https://console.aiven.io/) as an - administrator, and go to an organization. -1. From the top navigation bar, select **Admin**. -1. From the left sidebar, select . -1. In the **Bring your own cloud** view, identify your new cloud on the - list of available clouds and check its status in the **Status** - column. - -When your custom cloud's status is **Active**, its deployment has been completed. Your -custom cloud is ready to use and you can see it on the list of your custom clouds in the -**Bring your own cloud** view. Now you can create new services in the custom cloud or -migrate your existing services to the custom cloud if your service and networking -configuration allows it. For more information on migrating your existing services to the -custom cloud, contact your account team. - -## Manage services in custom clouds - -### Create a service in the custom cloud - - - -To create a service in the [Aiven Console](https://console.aiven.io/) in your new -custom cloud, follow the guidelines in -[Create a service](/docs/platform/howto/create_new_service). - -When creating a service in the [Aiven Console](https://console.aiven.io/), at the -**Select service region** step, select **Custom clouds** from the available regions. - - -To create a service hosted in your new custom cloud, run -[avn service create](/docs/tools/cli/service-cli#avn-cli-service-create) passing your new -custom cloud name as an option: - - ```bash - avn service create \ - --project "PROJECT_NAME" \ - --service-type "TYPE_OF_BYOC_SERVICE" \ - --plan "PLAN_OF_BYOC_SERVICE" \ - --cloud "CUSTOM_CLOUD_NAME" \ - "NEW_BYOC_SERVICE_NAME" - ``` - - - - -### Migrate existing services to the custom cloud - -Whether you can migrate existing services to the custom cloud depends on your service and -networking configuration. Contact your account team for more information. - ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc) -- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) +- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service) diff --git a/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud.md b/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud.md new file mode 100644 index 00000000..a4155d38 --- /dev/null +++ b/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud.md @@ -0,0 +1,47 @@ +--- +title: Create a custom cloud +sidebar_label: Create custom clouds +keywords: [AWS, Amazon Web Services, GCP, Google Cloud Platform, byoc, bring your own cloud, custom cloud] +--- + +import DocCardList from '@theme/DocCardList'; +import ConsoleLabel from "@site/src/components/ConsoleIcons"; +import Card from "@site/src/components/AivenCard"; +import GridContainer from "@site/src/components/GridContainer"; +import Cassandra from "@site/static/images/logos/cassandra.svg"; + +To create custom clouds in Aiven using self-service, select your cloud provider to integrate with. + + + + + + +#### Limitations + +- You need at least the Advanced tier of Aiven support services to be + eligible for activating BYOC. + + :::tip + See [Aiven support tiers](https://aiven.io/support-services) and + [Aiven responsibility matrix](https://aiven.io/responsibility-matrix) for BYOC. + Contact your account team to learn more or upgrade your support tier. + ::: + +- Only [super admins](/docs/platform/howto/make-super-admin) can create custom clouds. + +#### Related pages + +- [About bring your own cloud](/docs/platform/concepts/byoc) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) diff --git a/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud.md b/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud.md new file mode 100644 index 00000000..a3afb121 --- /dev/null +++ b/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud.md @@ -0,0 +1,507 @@ +--- +title: Create a Google-integrated custom cloud +sidebar_label: Google Cloud +keywords: [Google Cloud, GCP, Google Cloud Platform, byoc, bring your own cloud, custom cloud] +--- + +import ConsoleLabel from "@site/src/components/ConsoleIcons"; +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +Create a [custom cloud](/docs/platform/concepts/byoc) for BYOC in your Aiven organization to better address your specific business needs or project requirements. + +To configure a custom cloud in your Aiven organization and prepare your Google Cloud +account so that Aiven can access it: + +1. In the Aiven Console or with the Aiven CLI client, you specify new cloud details to + generate a Terraform infrastructure-as-code template. +1. You download the generated template and deploy it in your Google Cloud account to acquire + a privilege-bearing service account, which Aiven needs for accessing your Google + Cloud account only with permissions that are required. + + :::note + Privilege-bearing service account is an + [identifier](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account#id) + of the [service account](https://cloud.google.com/iam/docs/service-account-types#user-managed) + created when running the infrastructure template in your Google Cloud account. Aiven + [impersonates this service account](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct) + and runs operations, such as creating VMs for service nodes, in your BYOC account. + ::: + +1. You deploy your custom cloud resources supplying the generated privilege-bearing service + account to the Aiven platform, which gives Aiven the permissions + to securely access your Google Cloud account, create resources, and manage them onward. +1. You select projects that can use your new custom clouds for creating services. +1. You add contact details for individuals from your organization that Aiven can reach out + to in case of technical issues with the new cloud. + +## Before you start + +### Prerequisites + +- You have [enabled the BYOC feature](/docs/platform/howto/byoc/enable-byoc). +- You have an active account with your cloud provider. +- Depending on the tool to use for creating a custom cloud: + - Console: Access to the [Aiven Console](https://console.aiven.io/) or + - CLI: + - [Aiven CLI client](/docs/tools/cli) installed + - Aiven organization ID from the output of the `avn organization list` command or + from the [Aiven Console](https://console.aiven.io/) > + \> . +- You have the [super admin](/docs/platform/howto/make-super-admin) role in your Aiven + organization. +- You have Terraform installed. +- You have required + [IAM permissions](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#iam-permissions). + +### IAM permissions + +You need cloud account credentials set up on your machine so that your user or role has +required Terraform permissions +[to integrate with your cloud provider](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#create-a-custom-cloud). + +
+Show permissions needed by your service account that will run the Terraform script in your +Google project + +- `roles/iam.serviceAccountAdmin` (sets up impersonation to the privilege-bearing service account) +- `roles/resourcemanager.projectIamAdmin` (provides permissions to the privilege-bearing + service account to use your project) +- `roles/compute.instanceAdmin.v1` (manages networks and instances) +- `roles/compute.securityAdmin` (creates firewall rules) +- Enable [Identity and Access Management (IAM) API](https://cloud.google.com/iam/docs/reference/rest) + to create the privilege-bearing service account +- Enable + [Cloud Resource Manager (CRM) API](https://cloud.google.com/resource-manager/reference/rest) + to set IAM policies to the privilege-bearing service account +- Enable + [Compute Engine API](https://console.cloud.google.com/marketplace/product/google/compute.googleapis.com). +
+For more information on Google Cloud roles, see +[IAM basic and predefined roles reference](https://cloud.google.com/iam/docs/understanding-roles) +in the Goodle Cloud documentation. + +## Create a custom cloud + +Create a custom cloud either in the Aiven Console or with the Aiven CLI. + + + + +#### Launch the BYOC setup + +1. Log in to the [Aiven Console](https://console.aiven.io/), and go to an organization. +1. Click **Admin** in the top navigation, and click + in the sidebar. +1. In the **Bring your own cloud** view, select **Create custom cloud**. + +#### Generate an infrastructure template + +In this step, an IaC template is generated in the Terraform format. In +[the next step](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#deploy-the-template), +you'll deploy this template in your Google Cloud account to acquire a privilege-bearing +service account (SA), which Aiven needs for accessing your Google Cloud account. + +In the **Create custom cloud** wizard: + +1. Specify cloud details: + + - Cloud provider + - Region + - Custom cloud name + - [Infrastructure tags](/docs/platform/howto/byoc/tag-custom-cloud-resources) + + Click **Next**. + +1. Specify deployment and storage details: + + - [Deployment model](/docs/platform/concepts/byoc#byoc-architecture) + + Choose between: + - Private model, which routes traffic through a proxy for additional security + utilizing a bastion host logically separated from the Aiven services. + - Public model, which allows the Aiven control plane to connect to the service + nodes via the public internet. + + - CIDR + + The **CIDR** block defines the IP address range of the VPC that + Aiven creates in your own cloud account. Any Aiven service created in + the custom cloud will be placed in the VPC and will get an IP + address within this address range. + + In the **CIDR** field, specify an IP address range for the BYOC + VPC using a CIDR block notation, for example: `10.0.0.0/16`, + `172.31.0.0/16`, or `192.168.0.0/20`. + + Make sure that an IP address range you use meets the following + requirements: + + - IP address range is within the private IP address ranges + allowed in [RFC + 1918](https://datatracker.ietf.org/doc/html/rfc1918). + + - CIDR block size is between `/16` (65536 IP addresses) and + `/24` (256 IP addresses). + + - CIDR block is large enough to host the desired number of + services after splitting it into per-availability-zone + subnets. + + For example, the smallest `/24` CIDR block might be enough + for a few services but can pose challenges during node + replacements or maintenance upgrades if running low on + available free IP addresses. + + - CIDR block of your BYOC VCP doesn't overlap with the CIDR + blocks of VPCs you plan to peer your BYOC VPC with. You + cannot change the BYOC VPC CIDR block after your custom + cloud is created. + + - Remote storage (BYOC-hosted) + + By default, the following data is stored in object storage in your own cloud account: + + - Cold data (learn more about the + [BYOC tiered storage](/docs/platform/howto/byoc/store-data#byoc-tiered-storage)) + - Service backups + + :::note + - Data is stored in your object storage using one Cloud Storage bucket per custom + cloud. + - Permissions for Cloud Storage bucket management will be included in the Terraform + infrastructure template to be generated upon completing this step. + ::: + + Click **Generate template**. + +Your infrastructure Terraform template gets generated based on your inputs. You can +view, copy, or download it. Now, you can use the template to acquire a privilege-bearing +service account. + +#### Deploy the template + +Use the +[generated Terraform template](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#generate-an-infrastructure-template) +to create a privilege-bearing service account by deploying the template in your Google +Cloud account. + +Continue working in the **Create custom cloud** wizard: + +1. Copy or download the template and the variables file from the + **Create custom cloud** wizard. + +1. Optionally, modify the template as needed. + + :::note + To connect to a custom-cloud service from different security groups + (other than the one dedicated for the custom cloud) or from IP + address ranges, add specific ingress rules before you apply a + Terraform infrastructure template in your Google Cloud account in the process + of creating a custom cloud resources. + + Before adding ingress rules, see the examples provided in the + Terraform template you generated and downloaded from [Aiven + Console](https://console.aiven.io/). + ::: + +1. Use Terraform to deploy the infrastructure template in your Google Cloud account with + the provided variables. + + :::important + When running `terraform plan` and `terraform apply`, add `-var-file=FILE_NAME.vars` + as an option. + ::: + +1. Find a privilege-bearing service account in the output script after + running the template. + +1. Supply the privilege-bearing service account into the **Create custom cloud** wizard. + +1. Click **Next** to proceed or park your cloud setup and save + your current configuration as a draft by selecting **Save draft**. + You can resume creating your cloud later. + +#### Set up your custom cloud's availability + +Select in what projects you'll be able to use your new custom cloud as a hosting cloud for +services. In the projects where you enable your custom cloud, you can create new +services in the custom cloud or migrate your existing services to the custom cloud if your +service and networking configuration allows it. For more information on migrating your +existing services to the custom cloud, contact your account team. + +Your cloud can be available in: + +- All the projects in your organization +- Selected organizational units +- Specific projects only + +To set up your cloud's availability in the **Create custom cloud** wizard > +the **Assign BYOC to projects** section, select one of the two following options: + +- **By default for all projects** to make your custom cloud + available in all existing and future projects in the + organization +- **By selection** to pick specific projects or organizational + units where you want your custom cloud to be available. + +:::note +By selecting an organizational unit, you make your custom cloud +available from all the projects in this unit. +::: + +#### Add customer contacts + +Select at least one person whom Aiven can contact in case of any technical +issues with your custom cloud. + +:::note +**Admin** is a mandatory role, which is required as a primary support contact. +::: + +In the **Create custom cloud** wizard > the **Customer contacts** section: + +1. Select a contact person's role using the **Job title** menu, and provide their email + address in the **Email** field. +1. Use **+ Add another contact** to add as many customer contacts as + needed for your custom cloud. +1. Click **Save and validate**. + +The custom cloud process has been initiated. + +#### Complete the cloud setup + +Select **Done** to close the **Create custom cloud** wizard. + +The deployment of your new custom cloud might take a few minutes. As +soon as it's over, and your custom cloud is ready to use, you'll be +able to see it on the list of your custom clouds in the **Bring your own +cloud** view. + +:::note +Your new custom cloud is ready to use only after its status changes to +**Active**. +::: + + + + +1. Generate an IaC template by running [avn byoc create](/docs/tools/cli/byoc#avn-byoc-create). + + ```bash + avn byoc create \ + --organization-id "ORGANIZATION_ID" \ + --deployment-model "DEPLOYMENT_MODEL_NAME" \ + --cloud-provider "google" \ + --cloud-region "CLOUD_REGION_NAME" \ + --reserved-cidr "CIDR_BLOCK" \ + --display-name "CUSTOM_CLOUD_DISPLAY_NAME" + ``` + + Replace the following: + + - `ORGANIZATION_ID` with the ID of your Aiven organization to + connect with your own cloud account to create the custom cloud, + for example `org123a456b789`. Get your `ORGANIZATION_ID` + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites). + - `DEPLOYMENT_MODEL_NAME` with the type of [network architecture](/docs/platform/concepts/byoc#byoc-architecture) + your custom cloud uses: + - `standard_public` (public) model: The nodes have public IPs and can be configured + to be publicly accessible for authenticated users. The Aiven control plane can + connect to the service nodes via the public internet. + - `standard` (private) model: The nodes reside in a VPC without public IP addresses + and are by default not accessible from outside. Traffic is routed through a proxy + for additional security utilizing a bastion host logically separated from the + Aiven services. + - `CLOUD_REGION_NAME` with the name of a Google region where to create your custom cloud, + for example `europe-north1`. See all available options in + [Google Cloud regions](/docs/platform/reference/list_of_clouds#google-cloud). + - `CIDR_BLOCK` with a CIDR block defining the IP address range of the VPC that Aiven + creates in your own cloud account, for example: `10.0.0.0/16`, `172.31.0.0/16`, or + `192.168.0.0/20`. + - `CUSTOM_CLOUD_DISPLAY_NAME` with the name of your custom cloud, which you can set + arbitrarily. + +
+ Show sample output + + + ```json + { + "custom_cloud_environment": { + "cloud_provider": "google", + "cloud_region": "europe-north1", + "contact_emails": [ + { + "email": "firstname.secondname@domain.com", + "real_name": "Test User", + "role": "Admin" + } + ], + "custom_cloud_environment_id": "018b6442-c602-42bc-b63d-438026133f60", + "deployment_model": "standard", + "display_name": "My BYOC Cloud on Google", + "errors": [], + "reserved_cidr": "10.0.0.0/16", + "state": "draft", + "tags": {}, + "update_time": "2024-05-07T14:24:18Z" + } + } + ``` + +
+ +1. Deploy the IaC template. + + 1. Download the template and the variable file: + + - [avn byoc template terraform get-template](/docs/tools/cli/byoc#avn-byoc-template-terraform-get-template) + + ```bash + avn byoc template terraform get-template \ + --organization-id "ORGANIZATION_ID" \ + --byoc-id "CUSTOM_CLOUD_ID" >| "tf_dir/tf_file.tf" + ``` + + Replace the following: + + - `ORGANIZATION_ID` with the ID of your Aiven organization to + connect with your own cloud account to create the custom cloud, + for example `org123a456b789`. Get your `ORGANIZATION_ID` + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites). + - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can + extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) + command, for example `018b6442-c602-42bc-b63d-438026133f60`. + + - [avn byoc template terraform get-vars](/docs/tools/cli/byoc#avn-byoc-template-terraform-get-vars) + + ```bash + avn byoc template terraform get-vars \ + --organization-id "ORGANIZATION_ID" \ + --byoc-id "CUSTOM_CLOUD_ID" >| "tf_dir/tf_file.vars" + ``` + + Replace the following: + + - `ORGANIZATION_ID` with the ID of your Aiven organization to + connect with your own cloud account to create the custom cloud, + for example `org123a456b789`. Get your `ORGANIZATION_ID` + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites). + - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can + extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) + command, for example `018b6442-c602-42bc-b63d-438026133f60`. + + 1. Optionally, modify the template as needed. + + :::note + To connect to a custom-cloud service from different security groups + (other than the one dedicated for the custom cloud) or from IP + address ranges, add specific ingress rules before you apply a + Terraform infrastructure template in your Google Cloud account in the process + of creating a custom cloud resources. + + Before adding ingress rules, see the examples provided in the + Terraform template you generated and downloaded from the [Aiven + Console](https://console.aiven.io/). + ::: + + 1. Use Terraform to deploy the infrastructure template with the provided variables in + your Google Cloud account. This will generate a privilege-bearing service account (SA). + + :::important + When running `terraform plan` and `terraform apply`, add `-var-file=FILE_NAME.vars` + as an option. + ::: + + 1. Find `privilege_bearing_service_account_id` in the output script after running + the template. + +1. Provision resources by running [avn byoc provision](/docs/tools/cli/byoc#avn-byoc-provision) + and passing the generated `google-privilege-bearing-service-account-id` as an option. + + ```bash + avn byoc provision \ + --organization-id "ORGANIZATION_ID" \ + --byoc-id "CUSTOM_CLOUD_ID" \ + --google-privilege-bearing-service-account-id "GENERATED_SERVICE_ACCOUNT_ID" + ``` + + Replace the following: + + - `ORGANIZATION_ID` with the ID of your Aiven organization to + connect with your own cloud account to create the custom cloud, + for example `org123a456b789`. Get your `ORGANIZATION_ID` + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites). + - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can + extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) + command, for example `018b6442-c602-42bc-b63d-438026133f60`. + - `GENERATED_SERVICE_ACCOUNT_ID` with the identifier of the service account + created when running the infrastructure template in your Google Cloud account, + for example + `projects/your-project/serviceAccounts/cce-cce0123456789a@your-project.iam.gserviceaccount.com`. + You can extract `GENERATED_SERVICE_ACCOUNT_ID` from the output of the `terraform apply` + command or `terraform output` command. + +1. Enable your custom cloud in organizations, projects, or units by running + [avn byoc cloud permissions add](/docs/tools/cli/byoc#avn-byoc-cloud-permissions-add). + + ```bash + avn byoc cloud permissions add \ + --organization-id "ORGANIZATION_ID" \ + --byoc-id "CUSTOM_CLOUD_ID" \ + --account "ACCOUNT_ID" + ``` + + Replace the following: + + - `ORGANIZATION_ID` with the ID of your Aiven organization to + connect with your own cloud account to create the custom cloud, + for example `org123a456b789`. Get your `ORGANIZATION_ID` + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites). + - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can + extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) + command, for example `018b6442-c602-42bc-b63d-438026133f60`. + - `ACCOUNT_ID` with the identifier of your account (organizational unit) in Aiven, + for example `a484338c34d7`. You can extract `ACCOUNT_ID` from the output of + the `avn organization list` command. + +1. Add customer contacts for the new cloud by running + [avn byoc update](/docs/tools/cli/byoc#avn-byoc-update). + + ```bash + avn byoc update \ + --organization-id "ORGANIZATION_ID" \ + --byoc-id "CUSTOM_CLOUD_ID" \ + ' + { + "contact_emails": [ + { + "email": "EMAIL_ADDRESS", + "real_name": "John Doe", + "role": "Admin" + } + ] + } + ' + ``` + + Replace the following: + + - `ORGANIZATION_ID` with the ID of your Aiven organization to + connect with your own cloud account to create the custom cloud, + for example `org123a456b789`. Get your `ORGANIZATION_ID` + [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites). + - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can + extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list) + command, for example `018b6442-c602-42bc-b63d-438026133f60`. + + + + +## Related pages + +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) +- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service) diff --git a/docs/platform/howto/byoc/delete-custom-cloud.md b/docs/platform/howto/byoc/delete-custom-cloud.md index b035f71f..1056c382 100644 --- a/docs/platform/howto/byoc/delete-custom-cloud.md +++ b/docs/platform/howto/byoc/delete-custom-cloud.md @@ -88,9 +88,6 @@ When running `terraform destroy`, add `-var-file=FILE_NAME.vars` as an option. ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc) -- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) -- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) diff --git a/docs/platform/howto/byoc/download-infrastructure-template.md b/docs/platform/howto/byoc/download-infrastructure-template.md index a9539018..e36aa7b1 100644 --- a/docs/platform/howto/byoc/download-infrastructure-template.md +++ b/docs/platform/howto/byoc/download-infrastructure-template.md @@ -84,10 +84,6 @@ avn byoc template terraform get-vars \ ## Related pages -- [Bring your own cloud](/docs/platform/concepts/byoc) -- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc) -- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) -- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Rename a custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) -- [Delete a custom cloud](/docs/platform/howto/byoc/delete-custom-cloud) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) diff --git a/docs/platform/howto/byoc/enable-byoc.md b/docs/platform/howto/byoc/enable-byoc.md index f5795ec4..78c04ccf 100644 --- a/docs/platform/howto/byoc/enable-byoc.md +++ b/docs/platform/howto/byoc/enable-byoc.md @@ -7,6 +7,10 @@ import ConsoleLabel from "@site/src/components/ConsoleIcons"; Enabling [the bring your own cloud (BYOC) feature](/docs/platform/concepts/byoc) allows you to [create custom clouds](/docs/platform/howto/byoc/create-custom-cloud) in your Aiven organization. +To enable [BYOC](/docs/platform/concepts/byoc), open the +[Aiven Console](https://console.aiven.io/) and +[set up a call with the Aiven sales team](/docs/platform/howto/byoc/enable-byoc#enable-byoc). + :::note Enabling [the BYOC feature](/docs/platform/concepts/byoc) or creating custom clouds in your Aiven environment does not affect the configuration of your @@ -14,16 +18,9 @@ existing Aiven organizations, projects, or services. It only allows you to run A services in your cloud provider account. ::: -To be able to create custom clouds on the Aiven platform, first you need -to enable the BYOC feature. The [Aiven Console](https://console.aiven.io/) -offers a quick and easy way to set up a short call with the Aiven sales -team to identify your use cases and confirm the requirements. In the -call, we make sure BYOC can address them, and we check your environment -eligibility for the feature. - :::important Before enabling BYOC, check -[who is eligible for BYOC](/docs/platform/concepts/byoc#eligible-for-byoc) and review +[who is eligible for BYOC](/docs/platform/concepts/byoc#who-is-eligible-for-byoc) and review [feature limitations](/docs/platform/howto/byoc/enable-byoc#byoc-enable-limitations) and [prerequisites](/docs/platform/howto/byoc/enable-byoc#byoc-enable-prerequisites). ::: @@ -71,17 +68,11 @@ You must be a [super admin](/docs/platform/howto/make-super-admin) to enable thi ## Next steps -With BYOC activated in your Aiven organization, you can create and use custom -clouds: - -- [By yourself if using AWS or GCP](/docs/platform/howto/byoc/create-custom-cloud#create-cloud). -- By contacting the Aiven team if using Azure or OCI. +With BYOC activated in your Aiven organization, you can +[create and use custom clouds](/docs/platform/howto/byoc/create-custom-cloud). ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Create a custom cloud](/docs/platform/howto/byoc/create-custom-cloud) -- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) +- [About bring your own cloud](/docs/platform/concepts/byoc) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) diff --git a/docs/platform/howto/byoc/manage-byoc-service.md b/docs/platform/howto/byoc/manage-byoc-service.md new file mode 100644 index 00000000..078fcd22 --- /dev/null +++ b/docs/platform/howto/byoc/manage-byoc-service.md @@ -0,0 +1,62 @@ +--- +title: Manage services hosted in custom clouds +sidebar_label: Manage BYOC services +--- + +import ConsoleLabel from "@site/src/components/ConsoleIcons"; +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +Create a service in your custom cloud or migrate an existing service to your custom cloud. + +## Create a service in a custom cloud + + + +To create a service in the [Aiven Console](https://console.aiven.io/) in your new +custom cloud, follow the guidelines in +[Create a service](/docs/platform/howto/create_new_service). + +When creating a service in the [Aiven Console](https://console.aiven.io/), at the +**Select service region** step, select **Custom clouds** from the available regions. + + +To create a service hosted in your new custom cloud, run +[avn service create](/docs/tools/cli/service-cli#avn-cli-service-create) passing your new +custom cloud name as an option: + +```bash +avn service create \ + --project "PROJECT_NAME" \ + --service-type "TYPE_OF_BYOC_SERVICE" \ + --plan "PLAN_OF_BYOC_SERVICE" \ + --cloud "CUSTOM_CLOUD_NAME" \ + "NEW_BYOC_SERVICE_NAME" +``` + + + + +## Migrate an existing service to a custom cloud + +You can migrate a non-BYOC Aiven-managed service to your custom cloud. How you do that +depends on the [deployment mode](/docs/platform/concepts/byoc#byoc-architecture) of +your custom cloud: public or private. + +### Migrate to public BYOC + +To migrate a service to a custom cloud in the public deployment model, +[change a cloud provider and a cloud region](/docs/platform/howto/migrate-services-cloud-region) +to point to your custom cloud. + +### Migrate to private BYOC + +Migrating a service to a custom cloud in the private deployment model requires network +reconfiguration. Services are never exposed to the internet, and correct private +communication must be established. Contact your account team for private migration guidance. + +## Related pages + +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) diff --git a/docs/platform/howto/byoc/networking-security.md b/docs/platform/howto/byoc/networking-security.md index f433fa1b..7688dbef 100644 --- a/docs/platform/howto/byoc/networking-security.md +++ b/docs/platform/howto/byoc/networking-security.md @@ -115,10 +115,7 @@ For more information on Aiven security and compliance, see ## Related pages -- [Bring your own cloud](/docs/platform/concepts/byoc) -- [Enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc) +- [About bring your own cloud](/docs/platform/concepts/byoc) +- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc) - [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) -- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) -- [Download an infrastructure template](/docs/platform/howto/byoc/download-infrastructure-template) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) diff --git a/docs/platform/howto/byoc/rename-custom-cloud.md b/docs/platform/howto/byoc/rename-custom-cloud.md index 04c082f3..7d46672e 100644 --- a/docs/platform/howto/byoc/rename-custom-cloud.md +++ b/docs/platform/howto/byoc/rename-custom-cloud.md @@ -65,9 +65,7 @@ avn byoc update \ ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc) -- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) - [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud) - [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) - [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources) diff --git a/docs/platform/howto/byoc/store-data.md b/docs/platform/howto/byoc/store-data.md new file mode 100644 index 00000000..52f894d2 --- /dev/null +++ b/docs/platform/howto/byoc/store-data.md @@ -0,0 +1,73 @@ +--- +title: Store data in custom clouds +sidebar_label: Storage data +keywords: [bring your own cloud, byoc, custom cloud, BYOC cloud, object storage, tiered storage, bucket] +--- + +import ConsoleLabel from "@site/src/components/ConsoleIcons"; + +BYOC environments use the tiered storage capability for data allocation. Cold data in your +custom cloud is stored in your AWS cloud account or your Google Cloud organization. + +## BYOC tiered storage + +:::important +[BYOC](/docs/platform/concepts/byoc) tiered storage is only supported for +[Aiven for Apache Kafka](/docs/products/kafka/howto/kafka-tiered-storage-get-started) and +[Aiven for ClickHouse](/docs/products/clickhouse/concepts/clickhouse-tiered-storage). +::: + +To store data, [BYOC](/docs/platform/concepts/byoc) environments use tiered storage, a +data allocation mechanism for improved efficiency and cost optimization of data management. +When enabled, tiered storage allows moving data automatically between hot storage (for +frequently accessed, critical, and often updated data) and cold storage (for rarely +accessed, static, or archived data). + +Cold data of BYOC-hosted services is stored in object storage in your AWS cloud +account or your Google Cloud organization. One bucket is created per custom cloud. + +:::note + +- Tiered storage enabled on non-BYOC services is owned by Aiven and as such doesn't allow + to store cold data in your own cloud account. +- Non-BYOC services with Aiven-owned tiered storage cannot be migrated to BYOC. + +::: + +To use tiered storage in an BYOC-hosted service, tiered storage needs to be enabled both +[in your custom cloud](/docs/platform/howto/byoc/store-data#enable-tiered-storage-in-a-custom-cloud) +and +[in the BYOC-hosted service](/docs/platform/howto/byoc/store-data#enable-tiered-storage-on-a-service). + +## Enable tiered storage in a custom cloud + +- **New custom clouds**: Tiered storage is enabled by default in all new custom + clouds so you can proceed to + [enabling tiered storage on a service](/docs/platform/howto/byoc/store-data#enable-tiered-storage-on-a-service). +- **Existing custom clouds with no tiered storage support**: + [Contact the Aiven support team](mailto:support@aiven.io) to request enabling tiered + storage in your custom cloud. + +## Enable tiered storage on a service + +### Prerequisites + +- At least one [custom cloud](/docs/platform/howto/byoc/create-custom-cloud) +- At least one [Aiven-manged service](/docs/platform/howto/create_new_service), either + Aiven for Apache Kafka® or Aiven for ClickHouse®, hosted in an custom cloud + + :::note + If your Aiven-managed service is not hosted in a custom cloud, you can + [migrate it](/docs/platform/howto/byoc/manage-byoc-service#migrate-an-existing-service-to-a-custom-cloud). + ::: + +### Activate tiered storage + +- [Enable for Aiven for Apache Kafka](/docs/products/kafka/howto/enable-kafka-tiered-storage) +- [Enable for Aiven for Clickhouse](/docs/products/clickhouse/howto/enable-tiered-storage) + +## Related pages + +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) +- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service) diff --git a/docs/platform/howto/byoc/tag-custom-cloud-resources.md b/docs/platform/howto/byoc/tag-custom-cloud-resources.md index 797edb92..ae3efbae 100644 --- a/docs/platform/howto/byoc/tag-custom-cloud-resources.md +++ b/docs/platform/howto/byoc/tag-custom-cloud-resources.md @@ -128,9 +128,7 @@ Any change to infrastructure tags requires reapplying the Terraform template. ## Related pages -- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc) -- [Enable the bring your own cloud (BYOC) feature](/docs/platform/howto/byoc/enable-byoc) -- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud) -- [Enable your AWS custom cloud in Aiven organizations, units, or projects](/docs/platform/howto/byoc/assign-project-custom-cloud) -- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud) -- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud) +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status) +- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service) +- [Download an infrastructure template and a variables file](/docs/platform/howto/byoc/download-infrastructure-template) diff --git a/docs/platform/howto/byoc/view-custom-cloud-status.md b/docs/platform/howto/byoc/view-custom-cloud-status.md new file mode 100644 index 00000000..b2afb5ab --- /dev/null +++ b/docs/platform/howto/byoc/view-custom-cloud-status.md @@ -0,0 +1,33 @@ +--- +title: View the status of a custom cloud +sidebar_label: View custom cloud status +--- + +import ConsoleLabel from "@site/src/components/ConsoleIcons"; + +Find out whether your custom cloud is ready to use by viewing its status. + +1. Log in to [Aiven Console](https://console.aiven.io/) as an + administrator, and go to an organization. +1. From the top navigation bar, select **Admin**. +1. From the left sidebar, select . +1. In the **Bring your own cloud** view, identify your new cloud on the + list of available clouds and check its status in the **Status** + column. + +When your custom cloud's status is **Active**, its deployment has been completed. Your +custom cloud is ready to use and you can see it on the list of your custom clouds in the +**Bring your own cloud** view. + +Now you can +[create new services in the custom cloud](/docs/platform/howto/byoc/manage-byoc-service#create-a-service-in-a-custom-cloud) +or +[migrate your existing services to the custom cloud](/docs/platform/howto/byoc/manage-byoc-service#migrate-an-existing-service-to-a-custom-cloud) +if your service and networking configuration allows it. For more information on migrating +your existing services to the custom cloud, contact your account team. + +## Related pages + +- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security) +- [Store data in custom clouds](/docs/platform/howto/byoc/store-data) +- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service) diff --git a/docs/tools/cli/byoc.md b/docs/tools/cli/byoc.md index 9010e021..1bb793f4 100644 --- a/docs/tools/cli/byoc.md +++ b/docs/tools/cli/byoc.md @@ -13,7 +13,7 @@ Set up and manage your [custom clouds](/docs/platform/concepts/byoc) using the A | Parameter | Required | Information | | ------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `--organization-id` | Yes | Identifier of an organization where to create the custom cloud | -| `--deployment-model`| Yes | Determines the [deployment model](/docs/platform/concepts/byoc#byoc-deployment), for example `standard` (the default deployment model with a private workload network) | +| `--deployment-model`| Yes | Determines the [deployment model](/docs/platform/concepts/byoc#byoc-architecture), for example `standard` (the default deployment model with a private workload network) | | `--cloud-provider` | Yes | Cloud provider to be used for running the custom cloud, for example`aws` (Amazon Web Services) | | `--cloud-region` | Yes | Cloud region where to create the custom cloud, for example `eu-west-1` | | `--reserved-cidr` | Yes | IP address range of the VPC to be created in your cloud account for Aiven services hosted on a custom cloud | diff --git a/sidebars.ts b/sidebars.ts index 1859ffdf..449187db 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -311,13 +311,27 @@ const sidebars: SidebarsConfig = { items: [ 'platform/howto/byoc/networking-security', 'platform/howto/byoc/enable-byoc', - 'platform/howto/byoc/create-custom-cloud', + { + type: 'category', + label: 'Create custom clouds', + link: { + type: 'doc', + id: 'platform/howto/byoc/create-custom-cloud/create-custom-cloud', + }, + items: [ + 'platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud', + 'platform/howto/byoc/create-custom-cloud/create-google-custom-cloud', + ], + }, 'platform/howto/byoc/assign-project-custom-cloud', 'platform/howto/byoc/add-customer-info-custom-cloud', 'platform/howto/byoc/tag-custom-cloud-resources', + 'platform/howto/byoc/store-data', 'platform/howto/byoc/rename-custom-cloud', 'platform/howto/byoc/download-infrastructure-template', 'platform/howto/byoc/delete-custom-cloud', + 'platform/howto/byoc/manage-byoc-service', + 'platform/howto/byoc/view-custom-cloud-status', ], }, { diff --git a/static/_redirects b/static/_redirects index 6e22ddd8..7041f4ce 100644 --- a/static/_redirects +++ b/static/_redirects @@ -212,7 +212,7 @@ /valkey https://aiven.io/docs/products/valkey /products/kafka/howto/enable-karapace https://aiven.io/docs/products/kafka/howto/enable-schema-registry /products/kafka/howto/list-schema-registry https://aiven.io/docs/products/kafka/howto/enable-schema-registry - +/platform/howto/byoc/create-custom-cloud https://aiven.io/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud # Keep splats at the end # diff --git a/static/images/content/figma/byoc-aws-private.png b/static/images/content/figma/byoc-aws-private.png index 743eca95..9879624b 100644 Binary files a/static/images/content/figma/byoc-aws-private.png and b/static/images/content/figma/byoc-aws-private.png differ diff --git a/static/images/content/figma/byoc-aws-public.png b/static/images/content/figma/byoc-aws-public.png index 3f8453b0..979dd313 100644 Binary files a/static/images/content/figma/byoc-aws-public.png and b/static/images/content/figma/byoc-aws-public.png differ diff --git a/static/images/content/figma/byoc-gcp-private.png b/static/images/content/figma/byoc-gcp-private.png index 304c31fb..507ba1f4 100644 Binary files a/static/images/content/figma/byoc-gcp-private.png and b/static/images/content/figma/byoc-gcp-private.png differ diff --git a/static/images/content/figma/byoc-gcp-public.png b/static/images/content/figma/byoc-gcp-public.png index 6f2cf2d6..85f8fb52 100644 Binary files a/static/images/content/figma/byoc-gcp-public.png and b/static/images/content/figma/byoc-gcp-public.png differ diff --git a/static/images/content/figma/byoc-how-it-works.png b/static/images/content/figma/byoc-how-it-works.png new file mode 100644 index 00000000..52be7223 Binary files /dev/null and b/static/images/content/figma/byoc-how-it-works.png differ