Alibaba Cloud
Refer to Overview▸, using AutoMQ Cloud requires prior installation of the environment. This article explains how to use Alibaba Cloud Marketplace to create a BYOC environment with one click.
In this article, the terms AutoMQ product service provider, AutoMQ service provider, and AutoMQ specifically refer to AutoMQ HK Limited.
Prerequisites
Condition 1: Cloud Product Dependencies
To create a BYOC environment on Alibaba Cloud, the user’s Alibaba Cloud account must have the following cloud products enabled in advance; otherwise, it will not be usable.
Elastic Compute Service (ECS), AutoMQ Kafka uses Elastic Compute Service (ECS) to deploy computing nodes.
Object Storage Service (OSS), AutoMQ Kafka uses Object Storage Service (OSS) to store data.
PrivateZone, AutoMQ Kafka uses PrivateZone to provide Kafka cluster endpoint domain name resolution.
Condition 2: Cloud Account Operation Permissions
To create a BYOC environment, the cloud account must be either the primary account or a RAM sub-account that has been granted the necessary operation permissions. If you are using a RAM sub-account on the Alibaba Cloud console, you need to refer to the Alibaba Cloud Compute Nest RAM Authorization Documentation to authorize the account before proceeding with the service activation.
The relevant authorization policies and cloud product lists are divided into two parts:
Authorization Content 1: Access to Compute Nest Products:
To allow a RAM sub-account to access Alibaba Cloud Compute Nest products, the following system permissions must be granted.
AliyunMarketplaceFullAccess: Permission to access Alibaba Cloud Marketplace products.
AliyunComputeNestUserFullAccess: Permission to manage and use Alibaba Cloud Compute Nest products.
AliyunVPCReadOnlyAccess: Permission to read Virtual Private Cloud (VPC).
AliyunOSSReadOnlyAccess: Permission to read Object Storage Service (OSS).
AliyunROSFullAccess: Permission to manage Resource Orchestration Service (ROS).
AliyunCloudMonitorFullAccess: Permission to manage CloudMonitor.
Authorization Content 2: Permissions Required to Install AutoMQ:
To install and deploy AutoMQ using Computing Nest, you also need to grant custom permission policies. Refer to the policy file below:
{
"Statement": [
{
"Action": [
"ecs:AddTags",
"ecs:AllocatePublicIpAddress",
"ecs:AttachKeyPair",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:ConfigureSecurityGroupPermissions",
"ecs:CreateSecurityGroup",
"ecs:DeleteInstance",
"ecs:DeleteSecurityGroup",
"ecs:DescribeAvailableResource",
"ecs:DescribeDedicatedHosts",
"ecs:DescribeDisks",
"ecs:DescribeImageSupportInstanceTypes",
"ecs:DescribeImages",
"ecs:DescribeInstanceAutoRenewAttribute",
"ecs:DescribeInstanceRamRole",
"ecs:DescribeInstances",
"ecs:DescribeKeyPairs",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribePrice",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSnapshots",
"ecs:DescribeUserData",
"ecs:DetachKeyPair",
"ecs:JoinResourceGroup",
"ecs:ModifyDiskSpec",
"ecs:ModifyInstanceAttribute",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupRule",
"ecs:RemoveTags",
"ecs:ReplaceSystemDisk",
"ecs:ResizeDisk",
"ecs:RunInstances",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:TagResources",
"ecs:UntagResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"pvtz:AddZone",
"pvtz:BindZoneVpc",
"pvtz:DeleteZone",
"pvtz:DescribeZoneInfo",
"pvtz:SetProxyPattern",
"pvtz:TagResources",
"pvtz:UntagResources",
"pvtz:UpdateZoneRemark"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "quotas:ListProductQuotas",
"Effect": "Allow",
"Resource": "acs:quotas:*:*:*"
},
{
"Action": [
"ram:AttachPolicyToRole",
"ram:CreatePolicy",
"ram:CreateRole",
"ram:DeletePolicy",
"ram:DeleteRole",
"ram:DetachPolicyFromRole",
"ram:GetPolicy",
"ram:GetRole",
"ram:ListPoliciesForRole",
"ram:UpdateRole",
"ram:PassRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "rds:DescribeDBInstances",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "slb:DescribeLoadBalancers",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"tag:TagResources",
"tag:UntagResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"vpc:AssociateVpcCidrBlock",
"vpc:CreateVSwitch",
"vpc:CreateVpc",
"vpc:DeleteVSwitch",
"vpc:DeleteVpc",
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeVpnGateways",
"vpc:DescribeZones",
"vpc:ModifyVSwitchAttribute",
"vpc:ModifyVpcAttribute",
"vpc:TagResources",
"vpc:UnTagResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ros:CreateStack",
"ros:GetStack"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "1"
}
Operational Procedure
AutoMQ Cloud is now available in the Alibaba Cloud Marketplace > Basic Software > Application Development category, under the product name AutoMQ for Kafka (BYOC Pay-As-You-Go Edition).
Currently, it supports creating a BYOC environment in the following Alibaba Cloud regions: North China 1 (Qingdao), North China 2 (Beijing), North China 3 (Zhangjiakou), East China 1 (Hangzhou), East China 2 (Shanghai), South China 1 (Shenzhen), South China 3 (Guangzhou), Hong Kong, Singapore, US (Silicon Valley), US (Virginia), Central Europe (Frankfurt).
- Go to the Cloud Marketplace and search for AutoMQ for Kafka. Find the product AutoMQ for Kafka (BYOC Pay-as-you-go Edition), or directly access the product page through the provided link.
- Click Activate Now, fill in the relevant information to subscribe for free. At this time, the Alibaba Cloud Marketplace will invoke the Alibaba Cloud Computing Nest Service to create an AutoMQ BYOC Edition environment console.
Note:
Each time a subscription is activated, an environment console is deployed. Deploying the environment console itself does not incur charges from AutoMQ, but running the environment console requires one ECS machine.
Refer to Glossary▸ for more information. It is generally recommended to create a new environment console only under circumstances involving different networks or different business department affiliations. Within each environment, multiple Kafka instances (clusters) can be created and managed. For a detailed concept of environments, refer to Overview▸.
After subscribing, the underlying Compute Nest service begins deploying the environment console. Users can navigate to Cloud Marketplace Buyer Console > Purchased Services > AutoMQ for Kafka (BYOC Pay-as-You-Go Edition) to view details and obtain the console access address.
Note:
When creating an environment, it is recommended to access the environment console via a public IP address by default. If the user’s office network is already connected to the Alibaba Cloud VPC through a dedicated line, they can choose the private network access method. Users can also add domain name resolution for the AutoMQ Cloud BYOC console.
Next Steps
After the environment installation is complete, you can proceed with the following steps:
- Experience AutoMQ for Kafka Service: After completing the environment creation, you can access the environment console to create instances and experience product features. Experience AutoMQ for Kafka▸