Alibaba Cloud
As described in the Overview▸, using AutoMQ Cloud requires an initial environment setup. This article explains how to use Alibaba Cloud's marketplace to create a BYOC environment with a single click.
In this article, the terms AutoMQ product service provider, AutoMQ service provider, and AutoMQ specifically refer to AutoMQ HK Limited.
Prerequisites
Condition 1: Cloud Product Dependencies
To create a BYOC environment on Alibaba Cloud, the user's Alibaba Cloud account must have the following cloud products enabled in advance; otherwise, the BYOC environment will not be usable.
- Elastic Compute Service (ECS): AutoMQ Kafka uses ECS to deploy computing nodes.
- Object Storage Service (OSS): AutoMQ Kafka uses OSS to store data.
- PrivateZone: AutoMQ Kafka uses PrivateZone to provide Kafka cluster endpoint domain name resolution.
Condition 2: Cloud Account Operation Permissions
To create a BYOC environment, the cloud account must be either the primary account or a RAM sub-account that has been granted the necessary operation permissions. If you are using a RAM sub-account on the Alibaba Cloud console, you need to refer to the Alibaba Cloud Compute Nest RAM Authorization Documentation to authorize the account before proceeding with the service activation.
The relevant authorization policies and cloud product lists are divided into two parts:
Authorization Content 1: Access to Compute Nest Products:
To allow a RAM sub-account to access Alibaba Cloud Compute Nest products, the following system permissions must be granted.
- AliyunMarketplaceFullAccess: Permission to access Alibaba Cloud Marketplace products.
- AliyunComputeNestUserFullAccess: Permission to manage and use Alibaba Cloud Compute Nest products.
- AliyunVPCReadOnlyAccess: Permission to read Virtual Private Cloud (VPC).
- AliyunOSSReadOnlyAccess: Permission to read Object Storage Service (OSS).
- AliyunROSFullAccess: Permission to manage Resource Orchestration Service (ROS).
- AliyunCloudMonitorFullAccess: Permission to manage CloudMonitor.
Authorization Content 2: Permissions Required to Install AutoMQ:
To install and deploy AutoMQ using Compute Nest, you also need to grant a custom permission policy. Refer to the policy file below:
{
  "Statement": [
    {
      "Action": [
        "ecs:AddTags",
        "ecs:AllocatePublicIpAddress",
        "ecs:AttachKeyPair",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:ConfigureSecurityGroupPermissions",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteInstance",
        "ecs:DeleteSecurityGroup",
        "ecs:DescribeAvailableResource",
        "ecs:DescribeDedicatedHosts",
        "ecs:DescribeDisks",
        "ecs:DescribeImageSupportInstanceTypes",
        "ecs:DescribeImages",
        "ecs:DescribeInstanceAutoRenewAttribute",
        "ecs:DescribeInstanceRamRole",
        "ecs:DescribeInstances",
        "ecs:DescribeKeyPairs",
        "ecs:DescribeNetworkInterfaces",
        "ecs:DescribePrice",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSnapshots",
        "ecs:DescribeUserData",
        "ecs:DetachKeyPair",
        "ecs:JoinResourceGroup",
        "ecs:ModifyDiskSpec",
        "ecs:ModifyInstanceAttribute",
        "ecs:ModifySecurityGroupEgressRule",
        "ecs:ModifySecurityGroupRule",
        "ecs:RemoveTags",
        "ecs:ReplaceSystemDisk",
        "ecs:ResizeDisk",
        "ecs:RunInstances",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:TagResources",
        "ecs:UntagResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "pvtz:AddZone",
        "pvtz:BindZoneVpc",
        "pvtz:DeleteZone",
        "pvtz:DescribeZoneInfo",
        "pvtz:SetProxyPattern",
        "pvtz:TagResources",
        "pvtz:UntagResources",
        "pvtz:UpdateZoneRemark"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "quotas:ListProductQuotas",
      "Effect": "Allow",
      "Resource": "acs:quotas:*:*:*"
    },
    {
      "Action": [
        "ram:AttachPolicyToRole",
        "ram:CreatePolicy",
        "ram:CreateRole",
        "ram:DeletePolicy",
        "ram:DeleteRole",
        "ram:DetachPolicyFromRole",
        "ram:GetPolicy",
        "ram:GetRole",
        "ram:ListPoliciesForRole",
        "ram:UpdateRole",
        "ram:PassRole"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "rds:DescribeDBInstances",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "slb:DescribeLoadBalancers",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "tag:TagResources",
        "tag:UntagResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "vpc:AssociateVpcCidrBlock",
        "vpc:CreateVSwitch",
        "vpc:CreateVpc",
        "vpc:DeleteVSwitch",
        "vpc:DeleteVpc",
        "vpc:DescribeVSwitches",
        "vpc:DescribeVpcs",
        "vpc:DescribeVpnGateways",
        "vpc:DescribeZones",
        "vpc:ModifyVSwitchAttribute",
        "vpc:ModifyVpcAttribute",
        "vpc:TagResources",
        "vpc:UnTagResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "ros:CreateStack",
        "ros:GetStack"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}
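The following is an added example, not part of the AutoMQ documentation: a short Python check a reviewer can run over a RAM policy such as the one above before granting it to a sub-account, listing each Allow statement that pairs non-read actions with Resource "*". The Describe/Get/List read-only prefixes and the abbreviated POLICY_EXCERPT are assumptions made for the example; paste the full policy text to audit it.

```python
import json

# Assumption: action names starting with these prefixes are treated as read-only.
# This follows the naming convention visible in the policy, not an official list.
READ_PREFIXES = ("Describe", "Get", "List")

# Abbreviated excerpt of the policy above (three statements, RAM actions trimmed).
POLICY_EXCERPT = """
{"Version": "1", "Statement": [
  {"Action": ["ram:CreateRole", "ram:AttachPolicyToRole", "ram:GetRole", "ram:PassRole"],
   "Effect": "Allow", "Resource": "*"},
  {"Action": "quotas:ListProductQuotas", "Effect": "Allow",
   "Resource": "acs:quotas:*:*:*"},
  {"Action": "rds:DescribeDBInstances", "Effect": "Allow", "Resource": "*"}
]}
"""

def as_list(value):
    """Action and Resource may each be a bare string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def is_read_only(action):
    """True when the part after 'service:' starts with a read-only prefix."""
    return action.split(":", 1)[-1].startswith(READ_PREFIXES)

def audit(policy_text):
    """Return one finding per Allow statement with non-read actions on Resource "*"."""
    findings = []
    for index, stmt in enumerate(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # A wildcard action such as "ecs:*" does not match a read prefix,
        # so it is reported as mutating.
        mutating = sorted(a for a in as_list(stmt.get("Action", []))
                          if not is_read_only(a))
        if mutating and "*" in as_list(stmt.get("Resource", [])):
            findings.append({
                "statement": index,
                "services": sorted({a.split(":", 1)[0] for a in mutating}),
                "mutating": mutating,
                # RAM write actions change identities and their permissions.
                "changes_identities": any(a.startswith("ram:") for a in mutating),
            })
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY_EXCERPT):
        print(finding["statement"], finding["services"], finding["mutating"])
```

Findings are a review list, not a verdict: each flagged statement is a place to confirm that the wildcard scope is what the account owner intends to grant.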
Operation Procedure
AutoMQ Cloud is now available in the Alibaba Cloud Marketplace > Basic Software > Application Development category, providing BYOC private deployment via Alibaba Cloud Compute Nest service.
BYOC environments can currently be created in the following Alibaba Cloud regions: North China 1 (Qingdao), North China 2 (Beijing), North China 3 (Zhangjiakou), East China 1 (Hangzhou), East China 2 (Shanghai), South China 1 (Shenzhen), South China 3 (Guangzhou), Hong Kong, Singapore, USA (Silicon Valley), USA (Virginia), and Central Europe (Frankfurt).
- Navigate to the Compute Nest product console and search for AutoMQ. Locate the product AutoMQ for Kafka BYOC (Licensed Version) or directly access the service link to enter the service details page.
- Click Create Officially and fill in the necessary information to subscribe for free. At this point, Alibaba Cloud Compute Nest Service will create an AutoMQ BYOC version environment console.
Note:
Each subscription will deploy an environment console. While AutoMQ does not charge for deploying the environment console, running the environment console will consume an ECS machine.
See the Glossary▸. It is generally recommended to create a new environment console only under different network conditions and different business department affiliations. Within each environment, multiple Kafka instances (clusters) can be created and managed. For a detailed explanation of the environment concept, refer to the Overview▸.
- After subscribing, the underlying Compute Nest service will begin deploying the environment console. Users can navigate to Service Instances > My Service Instances > Private Deployment Service to find the instance ID from the previous step and enter the service instance details page to obtain the console access address and initial password.
Note:
When creating an environment, it is recommended by default to access the environment console via a public IP address. If the user's office network is already connected to the Alibaba Cloud VPC via a dedicated line, private network access can be chosen. Users can also add domain name resolution for the AutoMQ Cloud BYOC console.
- Log in using the initial username and password. When you first access the AutoMQ environment console, enter the initial username and password, and then immediately change the password to a custom one. The initial username is admin, and the initial password is the ECS instance ID where the environment console is located.
- Complete the BYOC environment operations authorization. The BYOC environment is deployed in the user's VPC, providing data security and privacy isolation. However, the BYOC environment will generate system logs, metrics, and other system data unrelated to business operations. After the environment installation is complete, users need to refer to Manage Environment Ops Authing▸ to provide appropriate operations authorization to the AutoMQ service provider. This facilitates system stability monitoring and fault self-healing by the AutoMQ service provider.
Subsequent Steps
After the environment installation is complete, proceed with the following steps:
- Experience AutoMQ for Kafka Services: After the environment setup is complete, you can enter the environment console to create instances and explore product features. Experience AutoMQ for Kafka▸