Cloud Resource List
AWS
By default, creating AutoMQ from the AWS Marketplace and deploying a 6 AKU cluster across three availability zones, while letting AutoMQ handle the creation of VPC and subnet network resources, will create and depend on the following essential cloud resources:
| Resource Name | Specification | Quantity | Description |
|---|---|---|---|
| VPC | - | 1 | The VPC used by AutoMQ control and data planes. |
| Security Group | - | 1 | The security group used by AutoMQ, with 1 new rule created, |
| Subnet | - | 4 | The control plane will use 1 subnet, and each of the 3 data plane nodes will use 1 subnet, |
| IGW | - | 1 | For the control plane to be accessible from the public internet, |
| VPC Internet Gateway | - | 1 | For the control plane to access the public internet, |
| Network ACL | - | 1 | AutoMQ will create the following ACL rules.[1] |
| Route Table | - | - | Rules associated with local and endpoint |
| Security Group | - | - | AutoMQ will create the following security group rules.[2] |
| EC2 | t3.large | 1 | Deploys the control plane |
| EBS | GP3,20 GB | 1 | Used for the control plane system volume, encryption is disabled by default. |
| EBS | GP3,20 GB | 3 | Used for the data plane system volume, encryption is disabled by default. |
| EBS | GP3,20 GB | 3 | Used for the data plane data volume, encryption is disabled by default. |
| EC2 | r6in.large | 3 | Provides support for AutoMQ data plane with 6 AKU capacity |
| Elastic IP Address | - | 1 | Used by AutoMQ control plane |
| IAM Instance Profile | - | 1 | Grants permissions to the control plane EC2 for executing data plane creation tasks |
| IAM Policy | - | 1 | An IAM policy will be created for AutoMQ, used for authorization. The policy follows the principle of least privilege and can be referenced from the AWS installation documentation. This policy allows AutoMQ to create necessary resources when users need to create a new data plane cluster. |
| IAM Role | - | 1 | An IAM role will be created for AutoMQ, associated with the IAM policy. |
| Route 53 Records | - | 3 | AutoMQ provides Bootstrap Server endpoints, with a domain name assigned to each node. |
| EC2 Endpoint | - | 1 | Used for EC2 to access AWS OpenAPI and query metadata. |
| S3 Endpoint | - | 1 | Ensures that access to S3 is routed through the internal network. |
| AutoScaling Group | - | 1 | Created only when using the AWS Cloud Marketplace CloudFormation method. |
| Launch Template | - | 1 | Created only when using AWS CloudFormation from the AWS Marketplace, and will be dependent on the ASG. |
| S3 Bucket | - | 2 | Using AutoMQ requires users to provide 2 S3 Buckets, one for storing primary data and the other for storing logs and monitoring data. By default, encryption options do not need to be enabled. |
| Route 53 | - | 1 | Used for binding domain names to data nodes in subsequent steps. |
[1] AutoMQ AWS Network ACL
// aws_default_network_acl
egress {
action = "allow"
from_port = 0
ipv6_cidr_block = "::/0"
protocol = "-1"
rule_no = 101
to_port = 0
}
egress {
action = "allow"
cidr_block = "0.0.0.0/0"
from_port = 0
protocol = "-1"
rule_no = 100
to_port = 0
}
ingress {
action = "allow"
_port = 0
ipv6_cidr_block = "::/0"
protocol = "-1"
rule_no = 101
to_port = 0
}
ingress {
action = "allow"
cidr_block = "0.0.0.0/0"
from_port = 0
protocol = "-1"
rule_no = 100
to_port = 0
}
[2] AutoMQ AWS Security Group
// vpc_endpoint_sg
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
// automq_byoc_console_sg
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [var.automq_byoc_env_console_cidr]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}