Alibaba Cloud
As described in Overview▸, using AutoMQ Cloud requires setting up an environment first. This article explains how to create a BYOC environment with one click through the Alibaba Cloud Marketplace.
In this article, the terms AutoMQ product service provider, AutoMQ service provider, and AutoMQ specifically refer to AutoMQ HK Limited.
Prerequisites
Condition 1: Cloud Product Dependencies
To create a BYOC environment on Alibaba Cloud, the user's Alibaba Cloud account must have the following cloud products enabled in advance; otherwise, the BYOC environment will not be usable.
- Elastic Compute Service (ECS): AutoMQ Kafka uses Elastic Compute Service (ECS) to deploy computing nodes.
- Object Storage Service (OSS): AutoMQ Kafka uses Object Storage Service (OSS) to store data.
- PrivateZone: AutoMQ Kafka uses PrivateZone to provide Kafka cluster endpoint domain name resolution.
Condition 2: Cloud Account Operation Permissions
To create a BYOC environment, the cloud account must be either the primary account or a RAM sub-account that has been granted the necessary operation permissions. If you are using a RAM sub-account on the Alibaba Cloud console, you need to refer to the Alibaba Cloud Compute Nest RAM Authorization Documentation to authorize the account before proceeding with the service activation.
The relevant authorization policies and cloud product lists are divided into two parts:
Authorization Content 1: Access to Compute Nest Products:
To allow a RAM sub-account to access Alibaba Cloud Compute Nest products, the following system permissions must be granted.
- AliyunMarketplaceFullAccess: Permission to access Alibaba Cloud Marketplace products.
- AliyunComputeNestUserFullAccess: Permission to manage and use Alibaba Cloud Compute Nest products.
- AliyunVPCReadOnlyAccess: Permission to read Virtual Private Cloud (VPC).
- AliyunOSSReadOnlyAccess: Permission to read Object Storage Service (OSS).
- AliyunROSFullAccess: Permission to manage Resource Orchestration Service (ROS).
- AliyunCloudMonitorFullAccess: Permission to manage CloudMonitor.
Authorization Content 2: Permissions Required to Install AutoMQ:
To install and deploy AutoMQ using Compute Nest, you also need to grant a custom permission policy. Refer to the policy file below:
{
  "Statement": [
    {
      "Action": [
        "ecs:AddTags",
        "ecs:AllocatePublicIpAddress",
        "ecs:AttachKeyPair",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:ConfigureSecurityGroupPermissions",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteInstance",
        "ecs:DeleteSecurityGroup",
        "ecs:DescribeAvailableResource",
        "ecs:DescribeDedicatedHosts",
        "ecs:DescribeDisks",
        "ecs:DescribeImageSupportInstanceTypes",
        "ecs:DescribeImages",
        "ecs:DescribeInstanceAutoRenewAttribute",
        "ecs:DescribeInstanceRamRole",
        "ecs:DescribeInstances",
        "ecs:DescribeKeyPairs",
        "ecs:DescribeNetworkInterfaces",
        "ecs:DescribePrice",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSnapshots",
        "ecs:DescribeUserData",
        "ecs:DetachKeyPair",
        "ecs:JoinResourceGroup",
        "ecs:ModifyDiskSpec",
        "ecs:ModifyInstanceAttribute",
        "ecs:ModifySecurityGroupEgressRule",
        "ecs:ModifySecurityGroupRule",
        "ecs:RemoveTags",
        "ecs:ReplaceSystemDisk",
        "ecs:ResizeDisk",
        "ecs:RunInstances",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:TagResources",
        "ecs:UntagResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "pvtz:AddZone",
        "pvtz:BindZoneVpc",
        "pvtz:DeleteZone",
        "pvtz:DescribeZoneInfo",
        "pvtz:SetProxyPattern",
        "pvtz:TagResources",
        "pvtz:UntagResources",
        "pvtz:UpdateZoneRemark"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "quotas:ListProductQuotas",
      "Effect": "Allow",
      "Resource": "acs:quotas:*:*:*"
    },
    {
      "Action": [
        "ram:AttachPolicyToRole",
        "ram:CreatePolicy",
        "ram:CreateRole",
        "ram:DeletePolicy",
        "ram:DeleteRole",
        "ram:DetachPolicyFromRole",
        "ram:GetPolicy",
        "ram:GetRole",
        "ram:ListPoliciesForRole",
        "ram:UpdateRole",
        "ram:PassRole"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "rds:DescribeDBInstances",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "slb:DescribeLoadBalancers",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "tag:TagResources",
        "tag:UntagResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "vpc:AssociateVpcCidrBlock",
        "vpc:CreateVSwitch",
        "vpc:CreateVpc",
        "vpc:DeleteVSwitch",
        "vpc:DeleteVpc",
        "vpc:DescribeVSwitches",
        "vpc:DescribeVpcs",
        "vpc:DescribeVpnGateways",
        "vpc:DescribeZones",
        "vpc:ModifyVSwitchAttribute",
        "vpc:ModifyVpcAttribute",
        "vpc:TagResources",
        "vpc:UnTagResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "ros:CreateStack",
        "ros:GetStack"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}
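Before attaching a policy of this size to a RAM sub-account, it helps to list which statements grant non-read actions on `"Resource": "*"`, and to review the `ram:` ones first because they change identities and role bindings. The script below is an added example, not part of the AutoMQ documentation; the read-only prefix list and the `priority` labels are assumptions of this example, and the sample input is a shortened copy of the policy above.

```python
import json

# Constructed sample: three statements taken from the policy above
# (the ECS statement is shortened to four of its actions).
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Action": ["ecs:DescribeInstances", "ecs:RunInstances",
                "ecs:DeleteInstance", "ecs:AuthorizeSecurityGroup"],
     "Effect": "Allow", "Resource": "*"},
    {"Action": "quotas:ListProductQuotas",
     "Effect": "Allow", "Resource": "acs:quotas:*:*:*"},
    {"Action": ["ram:AttachPolicyToRole", "ram:CreatePolicy", "ram:CreateRole",
                "ram:DeletePolicy", "ram:DeleteRole", "ram:DetachPolicyFromRole",
                "ram:GetPolicy", "ram:GetRole", "ram:ListPoliciesForRole",
                "ram:UpdateRole", "ram:PassRole"],
     "Effect": "Allow", "Resource": "*"}
  ]
}
""")

# Assumption of this example: action names with these prefixes are read-only.
READ_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """Action and Resource may each be a bare string or a list."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return one finding per service for Allow statements that grant
    non-read actions on the bare wildcard resource "*"."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        by_service = {}
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if not name.startswith(READ_PREFIXES):
                by_service.setdefault(service, []).append(name)
        for service, names in sorted(by_service.items()):
            findings.append({
                "statement": index,
                "service": service,
                "write_actions": sorted(names),
                # Identity changes on every resource are reviewed first.
                "priority": "high" if service == "ram" else "normal",
            })
    return findings
```

Calling `audit_policy` on the full policy file loaded with `json.load` gives the same per-statement breakdown for all nine statements.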
Operation Procedure
AutoMQ Cloud is now available in the Alibaba Cloud Marketplace > Basic Software > Application Development category, providing BYOC private deployment via Alibaba Cloud Compute Nest service.
BYOC environments can currently be created in the following Alibaba Cloud regions: North China 1 (Qingdao), North China 2 (Beijing), North China 3 (Zhangjiakou), East China 1 (Hangzhou), East China 2 (Shanghai), South China 1 (Shenzhen), South China 3 (Guangzhou), Hong Kong, Singapore, USA (Silicon Valley), USA (Virginia), and Central Europe (Frankfurt).
- Go to the Alibaba Cloud Marketplace, search for AutoMQ, and find the AutoMQ for Kafka (BYOC Edition) product, or directly visit the service link to enter the service details page.
- Click Create Officially and fill in the necessary information to subscribe for free. At this point, Alibaba Cloud Compute Nest Service will create an AutoMQ BYOC version environment console.
Note:
Each subscription will deploy an environment console. While AutoMQ does not charge for deploying the environment console, running the environment console will consume an ECS machine.
As described in Glossary▸, creating a new environment console is generally recommended only under circumstances such as different networks or different business departments. Within each environment, multiple Kafka instances (clusters) can be created and managed. For detailed concepts about the environment, refer to Overview▸.
- After subscribing, the underlying Compute Nest service will begin deploying the environment console. Users can navigate to Service Instances > My Service Instances > Private Deployment Service to find the instance ID from the previous step and enter the service instance details page to obtain the console access address and initial password.
Note:
When creating an environment, it is recommended by default to access the environment console via a public IP address. If the user's office network is already connected to the Alibaba Cloud VPC via a dedicated line, private network access can be chosen. Users can also add domain name resolution for the AutoMQ Cloud BYOC console.
- Log in using the initial username and password. When you first access the AutoMQ environment console, enter the initial username and password, and then immediately change the password to a custom one. The initial username is admin, and the initial password is the ECS instance ID where the environment console is located.
- Complete BYOC Environment Operations Authorization. The BYOC environment is deployed in the user's VPC, ensuring data security and privacy isolation. However, the BYOC environment will generate system logs, metrics, and other non-business-related system data. After the environment installation is complete, users need to refer to Manage Environment Ops Authing▸ to provide appropriate operations authorization to the AutoMQ service provider, facilitating system stability monitoring and self-healing maintenance operations.
Subsequent Steps
After the environment installation is complete, proceed with the following steps:
- Experience AutoMQ for Kafka Service: After creating the environment, you can enter the environment console to create instances and experience product features. Experience AutoMQ for Kafka▸