Version: User Guides (BYOC)

Prerequisites

This topic details the prerequisites required for activating the Zilliz Cloud Bring Your Own Cloud (BYOC) license. It's essential to ensure these initial steps are completed before proceeding to the detailed activation steps provided in Activate Your License. The prerequisites outlined here are foundational for a successful and efficient activation process.

Architecture

The following diagram shows the architecture for BYOC deployment. The control plane is hosted within Zilliz Cloud. With necessary authorization, Zilliz Cloud establishes a secure connection via Private Link to access the customer's VPC. It then creates cloud resources and deploys the BYOC components under the customer's cloud account.

[Figure: BYOC architecture]

Verify subscription via welcome email

Upon subscribing to a BYOC license, you will receive a welcome email with your subscription details, including your license ID, core size, and validity period. Verify these details for accuracy before proceeding.

[Image: welcome email]

Set up your environment

  1. Operating System Compatibility: Ensure that your machine operates on one of the following systems:

    • Linux

    • macOS

    • Windows

  2. Terraform Installation: Zilliz Cloud utilizes Terraform for managing the cloud infrastructure required for BYOC deployment.

    • macOS

      brew tap hashicorp/tap
      brew install hashicorp/tap/terraform
    • CentOS/RHEL

      sudo yum install -y yum-utils
      sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
      sudo yum -y install terraform

    If you use Windows or another Linux distribution, refer to the official Terraform documentation for installation instructions.

Prepare your accounts

Activation requires two accounts:

  1. AWS Account: Your Zilliz Cloud BYOC deployment will be hosted within your AWS account. If you do not have an AWS account, create one following the AWS Account Creation Guide. The Zilliz Cloud BYOC solution currently supports the AWS us-west-2 region. For other cloud providers or regions, contact our sales team.

  2. Zilliz Cloud Account: Use the account you provided to Zilliz Cloud technical support during the contract signing process.

Create temporary security credentials

To activate your BYOC license using Terraform scripts, you need to provide temporary security credentials for AWS cloud resources: an access key and a secret key. It's advisable to create these credentials solely for the activation process and deactivate them afterward. An access key created this way stays valid until it is deactivated or deleted, so do not skip that last step.

Here's how to create temporary security credentials:

  1. Sign in to the IAM console using your AWS account ID and password.

  2. Go to the Access keys section and click Create access key.

  3. On the Retrieve access keys page, choose either Show to reveal the value of your user's secret access key, or Download .csv file. This is your only opportunity to save your secret access key. After you've saved your secret access key in a secure location, choose Done.

For detailed instructions, refer to the official AWS documentation.
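A check for the "deactivate them afterward" step, as an added example that is not part of the Zilliz documentation: it reads JSON in the shape of `aws iam list-access-keys` output and reports keys that are still Active past a grace window. The sample listing, the user name, the key IDs and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws iam list-access-keys` JSON output.
# The user name and key IDs are placeholders, not real credentials.
SAMPLE = {"AccessKeyMetadata": [
    {"UserName": "byoc-activation", "AccessKeyId": "AKIAEXAMPLEKEY000001",
     "Status": "Active", "CreateDate": "2024-01-10T09:00:00+00:00"},
    {"UserName": "byoc-activation", "AccessKeyId": "AKIAEXAMPLEKEY000002",
     "Status": "Inactive", "CreateDate": "2023-11-02T14:30:00+00:00"},
    {"UserName": "byoc-activation", "AccessKeyId": "AKIAEXAMPLEKEY000003",
     "Status": "Active", "CreateDate": "2024-01-12T08:00:00Z"},
]}

def stale_active_keys(listing, now, max_age=timedelta(hours=24)):
    """Return (access key id, age) for every key still Active past max_age.

    max_age is an assumed grace window for finishing the activation.
    """
    stale = []
    for key in listing.get("AccessKeyMetadata", []):
        if key.get("Status") != "Active":
            continue  # already deactivated
        # Older Python versions reject a trailing "Z" in fromisoformat().
        created = datetime.fromisoformat(key["CreateDate"].replace("Z", "+00:00"))
        if created.tzinfo is None:
            created = created.replace(tzinfo=timezone.utc)  # treat naive as UTC
        age = now - created
        if age > max_age:
            stale.append((key["AccessKeyId"], age))
    return stale

if __name__ == "__main__":
    check_time = datetime(2024, 1, 12, 12, 0, tzinfo=timezone.utc)
    for key_id, age in stale_active_keys(SAMPLE, check_time):
        print(f"{key_id} still Active after {age}")
```
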

[Image: create security credentials]

Understand required resources and permissions

Deploying Zilliz Cloud BYOC requires specific cloud resources and permissions within your AWS account.

Resource quotas

Refer to the table below for the necessary cloud resources and services for Zilliz Cloud BYOC activation. If the cloud resources in your current account are insufficient, contact your cloud account administrator to increase quotas.

📘 Notes

Cloud administrators can monitor resource usage and quotas in the cloud quota dashboard. For details, refer to AWS service quotas.

| Resource Type | Instance | Min. Config |
|---|---|---|
| Virtual Machine | EC2 | (m6i.xlarge) * 4; (m6i.2xlarge) * 4; (r6id.8xlarge) * 1; Total: 80 vCPUs, 448 GiB |
| Object Storage | S3 | 1.3 TB |
| Block Storage | EBS | 550 GB |
| Public IP | EIP | 1 |
| Private Network | VPC | 2 |
| Network Channel | PrivateLink | 1 |
| Load Balance | AWS LB | 1 |
| DNS | DNS Zone | 2 |

IAM permissions

Terraform scripts used in activating Zilliz Cloud BYOC require specific AWS policies and permissions.

The table below summarizes the policies and roles Terraform will create for BYOC license activation.

In the table, the Terraform Resource Identifier column lists the internal names used in Terraform scripts, while the IAM Policy / Role column shows the actual names as they will appear in your AWS account.

| Terraform Resource Identifier | IAM Policy / Role | Description |
|---|---|---|
| aws_iam_policy.aws_lb_irsa_policy | zilliz-aws-lb-irsa-policy | Manages various aspects of ELB, including creation, modification, and deletion of load balancers and target groups, as well as associated security and tagging permissions, with specific conditions applied to certain actions. |
| aws_iam_policy.bootstrap_policy | zilliz-bootstrap-policy | Grants permissions for managing AWS resources including EKS, EC2, S3, and Route 53, with specific restrictions and conditions. |
| aws_iam_policy.cluster_autoscaler_irsa_policy | zilliz-ca-irsa-policy | Allows for managing auto-scaling and EC2 instance operations in AWS, specifically for scaling and termination actions. |
| aws_iam_policy.ebs_csi_irsa_policy | zilliz-ebs-csi-irsa-policy | Manages EC2 volumes and snapshots, including creation, attachment, detachment, and deletion, with specific conditions for tagging and cluster association. |
| aws_iam_policy.management_policy | zilliz-management-policy | Allows for managing S3 buckets and objects, creating and tagging IAM policies, scaling EKS node groups, and handling various Elastic Load Balancing (ELB) resources, with restrictions based on specific resource tags and paths. |
| aws_iam_policy.permission_boundary | zilliz-permission-boundary-policy | Allows actions across various AWS services like ACM, AutoScaling, EC2, EKS, ELB, IAM, Logs, Route 53, S3, and SSM. |
| aws_iam_policy.zilliz_business_irsa_policy | zilliz-business-irsa-policy | Allows specific S3 actions, such as reading, writing, listing, and deleting objects in buckets prefixed with zilliz-byoc, reflecting targeted S3 access for business-related operations. |
| aws_iam_role.bootstrap_role | zilliz-bootstrap-role | Secures role assumption with specific conditions, including external ID verification, primarily intended for controlled access within the zilliz-byoc framework. |
| aws_iam_role.management_role | zilliz-management-role | Secures role assumption, featuring conditions like external ID verification, and is specifically geared for management tasks within the zilliz-byoc framework. |
| aws_iam_role_policy_attachment.bootstrap_attachment | zilliz-bootstrap-role | Attaches a specific policy to the role zilliz-bootstrap-role, enabling the assignment of predefined permissions to this role. |
| aws_iam_role_policy_attachment.management_attachment | zilliz-management-role | Attaches a specific policy to the role zilliz-management-role, facilitating the application of predefined permissions to this role. |

For a comprehensive understanding of AWS policies and permissions, visit Policies and Permissions in IAM.
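The table describes zilliz-bootstrap-role and zilliz-management-role as guarded by external ID verification. The following added example (not Zilliz's Terraform or tooling) audits a role trust policy for that property: every Allow statement that lets an AWS principal call sts:AssumeRole must carry an exact-match sts:ExternalId condition and no wildcard principal. The sample policies, account ID 111122223333 and the external ID value are constructed placeholders.

```python
import json

def as_list(value):
    """IAM accepts a scalar or a list for Statement, Action and Principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for Allow statements that let an AWS principal call
    sts:AssumeRole without an exact-match sts:ExternalId condition."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS"))
        if not aws:
            continue  # service and federated principals do not use external IDs
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        # Condition keys are case-insensitive; a pattern operator does not count.
        exact = {k.lower(): v for k, v in
                 stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if not exact.get("sts:externalid"):
            findings.append(f"statement {i}: no StringEquals sts:ExternalId condition")
    return findings

def make_trust(principal, condition=None):
    """Build a constructed one-statement trust policy (sample data only)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples: 111122223333 and the external ID are placeholders.
ACCOUNT = {"AWS": "arn:aws:iam::111122223333:root"}
PINNED = make_trust(ACCOUNT, {"StringEquals": {"sts:ExternalId": "example-external-id"}})
UNPINNED = make_trust(ACCOUNT)
PATTERN = make_trust(ACCOUNT, {"StringLike": {"sts:ExternalId": "*"}})

if __name__ == "__main__":
    for name, doc in (("pinned", PINNED), ("unpinned", UNPINNED), ("pattern", PATTERN)):
        print(name, json.dumps(audit_trust_policy(doc)))
```

To run it against the deployed roles, pass the JSON returned by `aws iam get-role --role-name zilliz-bootstrap-role --query Role.AssumeRolePolicyDocument` (and the same for zilliz-management-role) to `audit_trust_policy`.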

Next steps: Activating your BYOC license

Once you have met all the prerequisites outlined above, you are ready to proceed with the steps detailed in Activate Your License to begin your activation process. This will guide you through the specific actions required to activate and utilize your BYOC license on the Zilliz Cloud platform.