Version: User Guides (BYOC)

Prerequisites

This topic details the prerequisites required for activating the Zilliz Cloud Bring Your Own Cloud (BYOC) license. It's essential to ensure these initial steps are completed before proceeding to the detailed activation steps provided in Activate Your License. The prerequisites outlined here are foundational for a successful and efficient activation process.

Architecture

The following diagram shows the architecture for BYOC deployment. The control plane is hosted within Zilliz Cloud. With necessary authorization, Zilliz Cloud establishes a secure connection via Private Link to access the customer's VPC. It then creates cloud resources and deploys the BYOC components under the customer's cloud account.

[Figure: BYOC deployment architecture]

Verify subscription via welcome email

Upon subscribing to a BYOC license, you will receive a welcome email with your subscription details, including your license ID, core size, and validity period. Verify these details for accuracy before proceeding.


Set up your environment

  1. Operating System Compatibility: Ensure that your machine operates on one of the following systems:

    • Linux

    • macOS

    • Windows

  2. Terraform Installation: Zilliz Cloud utilizes Terraform for managing the cloud infrastructure required for BYOC deployment.

    • macOS

      brew tap hashicorp/tap
      brew install hashicorp/tap/terraform
    • CentOS/RHEL

      sudo yum install -y yum-utils
      sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
      sudo yum -y install terraform

    If you use Windows or other Linux distributions, refer to the official Terraform documentation for installation.

Prepare your accounts

Activation requires two accounts:

  1. AWS Account: Your Zilliz Cloud BYOC deployment will be hosted within your AWS account. If you do not have an AWS account, create one following the AWS Account Creation Guide. The Zilliz Cloud BYOC solution currently supports the AWS us-west-2 region. For other cloud providers or regions, contact our sales team.

  2. Zilliz Cloud Account: Use the account you provided to Zilliz Cloud technical support during the contract signing process.

Create temporary security credentials

To activate your BYOC license using Terraform scripts, you'll need to provide temporary security credentials for AWS cloud resources. These consist of an access key and a secret key. It's advisable to create these credentials solely for the activation process and deactivate them afterward.

Here's how to create temporary security credentials:

  1. Sign in to the IAM console using your AWS account ID and password.

  2. Go to the Access keys section and click Create access key.

  3. On the Retrieve access keys page, choose either Show to reveal the value of your user's secret access key, or Download .csv file. This is your only opportunity to save your secret access key. After you've saved your secret access key in a secure location, choose Done.

For detailed instructions, refer to the official AWS documentation.
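The advice above to deactivate the activation credentials afterward can be checked from the command line. The following is an added example, not part of the Zilliz Cloud documentation: it reads output shaped like `aws iam list-access-keys` and builds the `aws iam` commands that retire leftover keys. The user name, key IDs and the four-hour activation window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws iam list-access-keys` output.
# The user name and key IDs are placeholders.
SAMPLE_LISTING = json.loads("""
{"AccessKeyMetadata": [
  {"UserName": "byoc-activation", "AccessKeyId": "AKIAEXAMPLEKEY000001",
   "Status": "Active", "CreateDate": "2024-03-01T08:00:00+00:00"},
  {"UserName": "byoc-activation", "AccessKeyId": "AKIAEXAMPLEKEY000002",
   "Status": "Inactive", "CreateDate": "2024-02-01T08:00:00+00:00"},
  {"UserName": "byoc-activation", "AccessKeyId": "AKIAEXAMPLEKEY000003",
   "Status": "Active", "CreateDate": "2024-03-04T11:30:00Z"}
]}
""")


def parse_time(value):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def cleanup_plan(listing, now, window=timedelta(hours=4)):
    """Return AWS CLI commands that retire keys left over from activation.

    Active keys older than `window` (an assumed activation duration) are
    deactivated; keys that are already Inactive are deleted.
    """
    commands = []
    for key in listing["AccessKeyMetadata"]:
        target = f"--user-name {key['UserName']} --access-key-id {key['AccessKeyId']}"
        if key["Status"] == "Inactive":
            commands.append(f"aws iam delete-access-key {target}")
        elif now - parse_time(key["CreateDate"]) > window:
            commands.append(f"aws iam update-access-key {target} --status Inactive")
    return commands


if __name__ == "__main__":
    now = datetime(2024, 3, 4, 12, 0, tzinfo=timezone.utc)
    print("\n".join(cleanup_plan(SAMPLE_LISTING, now)))
```

Review the generated commands before running them; a key created within the window is left alone so an activation in progress is not interrupted.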


Understand required resources and permissions

Deploying Zilliz Cloud BYOC requires specific cloud resources and permissions within your AWS account.

Resource quotas

Refer to the table below for the necessary cloud resources and services for Zilliz Cloud BYOC activation. If the cloud resources in your current account are insufficient, contact your cloud account administrator to increase quotas.

📘Notes
  • Cloud administrators can monitor resource usage and quotas in the cloud quota dashboard. For details, refer to AWS service quotas.

  • As your cluster is set up across different Availability Zones (AZs) within your Virtual Private Cloud (VPC), you may have to pay for some internal network traffic. For details, refer to the AWS EC2 pricing page.

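| Resource Type   | Instance    | Min. Config                                                                       |
|-----------------|-------------|-----------------------------------------------------------------------------------|
| Virtual Machine | EC2         | m6i.xlarge * 4, m6i.2xlarge * 4, m6id.4xlarge * 1 (Total: 64 vCPUs, 256 GiB)      |
| Object Storage  | S3          | 0                                                                                 |
| Block Storage   | EBS         | 550 GB                                                                            |
| Public IP       | EIP         | 1                                                                                 |
| Private Network | VPC         | 2                                                                                 |
| Network Channel | PrivateLink | 1                                                                                 |
| Load Balance    | AWS LB      | 1                                                                                 |
| DNS             | DNS Zone    | 2                                                                                 |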

IAM permissions

Terraform scripts used in activating Zilliz Cloud BYOC require specific AWS policies and permissions.

The table below summarizes the policies and roles Terraform will create for BYOC license activation.

In the table, the Terraform Resource Identifier column lists the internal names used in Terraform scripts, while the IAM Policy / Role column shows the actual names as they will appear in your AWS account.

| Terraform Resource Identifier | IAM Policy / Role | Description |
|---|---|---|
| aws_iam_policy.aws_lb_irsa_policy | zilliz-aws-lb-irsa-policy | Manages various aspects of ELB, including creation, modification, and deletion of load balancers and target groups, as well as associated security and tagging permissions, with specific conditions applied to certain actions. |
| aws_iam_policy.bootstrap_policy | zilliz-bootstrap-policy | Grants permissions for managing AWS resources including EKS, EC2, S3, and Route 53, with specific restrictions and conditions. |
| aws_iam_policy.cluster_autoscaler_irsa_policy | zilliz-ca-irsa-policy | Allows for managing auto-scaling and EC2 instance operations in AWS, specifically for scaling and termination actions. |
| aws_iam_policy.ebs_csi_irsa_policy | zilliz-ebs-csi-irsa-policy | Manages EC2 volumes and snapshots, including creation, attachment, detachment, and deletion, with specific conditions for tagging and cluster association. |
| aws_iam_policy.management_policy | zilliz-management-policy | Allows for managing S3 buckets and objects, creating and tagging IAM policies, scaling EKS node groups, and handling various Elastic Load Balancing (ELB) resources, with restrictions based on specific resource tags and paths. |
| aws_iam_policy.permission_boundary | zilliz-permission-boundary-policy | Allows actions across various AWS services like ACM, AutoScaling, EC2, EKS, ELB, IAM, Logs, Route 53, S3, and SSM. |
| aws_iam_policy.zilliz_business_irsa_policy | zilliz-business-irsa-policy | Allows specific S3 actions, such as reading, writing, listing, and deleting objects in buckets prefixed with zilliz-byoc, reflecting targeted S3 access for business-related operations. |
| aws_iam_role.bootstrap_role | zilliz-bootstrap-role | Secures role assumption with specific conditions, including external ID verification, primarily intended for controlled access within the zilliz-byoc framework. |
| aws_iam_role.management_role | zilliz-management-role | Secures role assumption, featuring conditions like external ID verification, and is specifically geared for management tasks within the zilliz-byoc framework. |
| aws_iam_role_policy_attachment.bootstrap_attachment | zilliz-bootstrap-role | Attaches a specific policy to the role zilliz-bootstrap-role, enabling the assignment of predefined permissions to this role. |
| aws_iam_role_policy_attachment.management_attachment | zilliz-management-role | Attaches a specific policy to the role zilliz-management-role, facilitating the application of predefined permissions to this role. |

For a comprehensive understanding of AWS policies and permissions, visit Policies and Permissions in IAM.
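The table states that zilliz-bootstrap-role and zilliz-management-role rely on external ID verification for role assumption. The following added example, which is not taken from the Zilliz Cloud Terraform scripts, audits a role's trust policy (as returned by `aws iam get-role`) for that condition. The sample policies, account ID, external ID and the second role name are constructed placeholders.

```python
import json

# Constructed input shaped like the "Role" objects from `aws iam get-role`.
# Account ID and external ID are placeholders, not values issued by Zilliz Cloud.
SAMPLE_ROLES = json.loads("""
[
  {"RoleName": "zilliz-bootstrap-role",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Action": "sts:AssumeRole",
      "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}},
  {"RoleName": "example-role-without-external-id",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Action": ["sts:AssumeRole"],
      "Principal": {"AWS": "*"}}]}}
]
""")

ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}


def as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(role):
    """Return findings for cross-account AssumeRole statements; [] means none found."""
    findings = []
    statements = as_list(role["AssumeRolePolicyDocument"].get("Statement", []))
    for index, stmt in enumerate(statements):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if not aws:
            continue  # service or federated principal: external ID does not apply
        if "*" in aws:
            findings.append(f"statement {index}: wildcard AWS principal")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        external_id = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if not external_id:
            findings.append(f"statement {index}: no StringEquals sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        print(role["RoleName"], audit_trust_policy(role) or "OK")
```

Running the same function over the real `get-role` output after activation confirms that the deployed roles match what the table describes.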

Next steps: Activating your BYOC license

Once you have met all the prerequisites outlined above, you are ready to proceed with the steps detailed in Activate Your License to begin your activation process. This will guide you through the specific actions required to activate and utilize your BYOC license on the Zilliz Cloud platform.