Deploy BYOC on AWS

Private Preview

This page describes how to manually create a project in your Zilliz Cloud Bring-Your-Own-Cloud (BYOC) organization using the Zilliz Cloud console and custom AWS configurations.

Prerequisites

• You must be a BYOC organization owner.

Procedure

To deploy BYOC on AWS, Zilliz Cloud needs to assume specific roles to access the S3 bucket and the EKS cluster within a customer-managed VPC on your behalf. Consequently, Zilliz Cloud needs to gather information about your S3 bucket, EKS cluster, and VPC, along with the roles necessary for accessing these infrastructure resources.

Click the Create Project and Deploy Data Plane button to start the deployment.

General Settings

In General Settings, you need to set the project name, determine the cloud providers and regions, and choose the way for Zilliz Cloud to create the project and deploy the data plane.

1. Set Project Name.

2. Select Cloud Provider and Region.

3. (Optional) Configure Instance Settings.

   In a BYOC project, the search service, fundamental database components, and core support services use different instances. You can set instance types for these services and components.

   For details, see Instance Settings.

4. Choose the way for Zilliz Cloud to carry on the task in Deploy Method.

   There are three options for you to provision the infrastructure for your BYOC project on AWS. You can either

   • Use AWS CloudFormation to provision the infrastructure.

     If you prefer to use AWS CloudFormation to provision the data plane infrastructure for the project, select the Quickstart tile in the Deploy Method section. This is also the recommended method for starting a BYOC project.

     If you decide to use AWS CloudFormation, click Next, and you will be prompted with the following dialog box to choose whether to deploy the project to a new VPC or an existing VPC.

     

     Then, you can click Create Stack with CloudFormation to start deploying the project.

   • Use a Terraform script to provision the infrastructure.

     If you prefer to use a Terraform script to provision the infrastructure, you need to copy and paste the script output back to Zilliz Cloud. For details, see Bootstrap Project Infrastructure (Terraform).

     Note that you still need to fill in the information the Terraform script returns back to the Zilliz Cloud console, as specified in Credential Settings and Network Settings.

   • Use the AWS console to create necessary resources and roles.

     You need to create necessary resources, such as a storage bucket and several IAM roles, on the AWS console. Then, copy and paste their names and IDs back to the Zilliz Cloud console. If you prefer to create the project this way, select the Manually tile in the Deploy Method section and click Next.

     Zilliz Cloud splits the process into Credential Settings and Network Settings to facilitate your configurations,

Credential Settings

In Credential Settings, you must set up the storage and several IAM roles for storage access, EKS cluster management, and data-plane deployment.

1. Follow the steps listed below to configure storage, EKS, and cross-account settings.

   1. In Storage settings, set Bucket Name and IAM Role ARN obtained from AWS.

      Zilliz Cloud will use the specified bucket as the data-plane storage and access it on your behalf using the specified IAM role.

      For more on the procedure for creating an S3 bucket, read Create S3 Bucket and IAM Role.

   2. In EKS Settings, set IAM Role ARN for EKS management.

      Zilliz Cloud will use the specified role to deploy an EKS cluster on your behalf and deploy the data plane in the EKS cluster.

      For more on the procedure for creating an EKS role, read Create EKS IAM Role.

   3. In Cross-Account Settings, set IAM Role ARN for data-plane deployment.

      Zilliz Cloud will use the specified role to deploy the data plane of the Zilliz Cloud BYOC project.

      For more on the procedure for creating the cross-account role, read Create Cross-Account IAM Role.

2. Click Next to configure network settings.

Network Settings

In Network Settings, you need to create a VPC and several types of resources, such as subnets, security group, and optional VPC endpoint in the VPC.

1. In Network Settings, set the VPC ID, Subnet IDs, the Security Group ID, and the optional VPC endpoint ID.

   In the specified VPC, Zilliz Cloud requires

   • A public subnet and three private subnets.

   • A security group, and

   • An optional VPC endpoint.

   For more on the procedure for creating a VPC and the resources within, refer to Configure a Customer-Managed VPC.

2. Click Next to view the summary.

3. In Deployment Summary, review the configurations.

4. Click Create if everything is as expected.

Instance Settings

During the project deployment, Zilliz Cloud creates the fundamental database components and core support services. When the project is ready, you can create clusters in the project. At this point, Zilliz Cloud creates instances for search services on your behalf.

You need to determine the types of instances to create for each component listed below during the deployment.

Components	Licenses consumed per instance	Instance type	Description
Search service	16	m6id.4xlarge	Instances solely used for query services
Fundamental database components	8	m6i.2xlarge	Instances used for fundamental database components, which are mainly used as the index pool
Core support services	0	m6i.2xlarge	Instances used for peripheral support services, including Milvus Operator, Zilliz Cloud Agent, and Milvus dependencies for logging, monitoring, and alerting

If the instance settings are left unconfigured, the default settings listed above will apply.

View deployment details

After you create a project, you can view its status on the project page.

Create S3 Bucket and IAM Role [READ MORE]

This page describes how to create and configure root storage for a Bring-Your-Own-Cloud (BYOC) project with proper permissions.

Create EKS IAM Role [READ MORE]

This page describes how to create and configure an IAM role for Zilliz Cloud to deploy an EKS cluster for your Zilliz Cloud project.

Create Cross-Account IAM Role [READ MORE]

This page describes how to create and configure a cross-account role for Zilliz Cloud to bootstrap your project. This role gives Zilliz Cloud restricted permissions to manage VPC resources on your behalf.

Configure a Customer-Managed VPC [READ MORE]

The Zilliz Cloud Bring-Your-Own-Cloud (BYOC) solution enables you to set up a project within your own Virtual Private Cloud (VPC). With a Zilliz Cloud project running in a customer-managed VPC, you gain greater control over your network configurations, allowing you to meet specific cloud security and governance standards required by your organization.

Bootstrap Infrastructure (Terraform) [READ MORE]

This page demonstrates how to use Terraform to bootstrap the infrastructure for a Zilliz Cloud BYOC project, including creating an S3 bucket, all related roles, and a qualified VPC.

Permissions in Roles [READ MORE]

This page lists all IAM permissions that Zilliz Cloud requires to perform operations on your behalf.