Deploy BYOC on AWS (Private Preview)
This page describes how to manually create a project in your Zilliz Cloud Bring-Your-Own-Cloud (BYOC) organization using the Zilliz Cloud console and custom AWS configurations.
Prerequisites
- You must be a BYOC organization owner.
Procedure
To deploy BYOC on AWS, Zilliz Cloud needs to assume specific roles to access the S3 bucket and the EKS cluster within a customer-managed VPC on your behalf. Consequently, Zilliz Cloud needs to gather information about your S3 bucket, EKS cluster, and VPC, along with the roles necessary for accessing these infrastructure resources.
There are two options for you to provision the infrastructure for your BYOC project. You can either
- Use a Terraform script to provision the infrastructure, or
  If you prefer to use a Terraform script to provision the infrastructure, you still need to copy and paste the script output back to Zilliz Cloud. For details, see Bootstrap Project Infrastructure (Terraform).
- Use the AWS console to create necessary resources and roles.
The following procedure is designed to use the Zilliz Cloud console to collect the necessary information about your infrastructure.
Go to the Zilliz Cloud console and click Create Project and Deploy Data Plane. The procedure consists of three sections: General Settings, Credential Settings, and Network Settings.
General Settings
In General Settings, you need to set the project name, determine the cloud providers and regions, and determine the types of instances used in the project.
- Set Project Name.
- Select Cloud Provider and Region.
- (Optional) Configure Instance Settings.
  In a BYOC project, the search service, fundamental database components, and core support services use different instances. You can set instance types for these services and components.
  For details, see Instance Settings.
- Click Next to configure credentials settings.
Credential Settings
In Credential Settings, you must set up the storage and several IAM roles for storage access, EKS cluster management, and data-plane deployment.
- Follow the steps listed to configure storage, EKS, and cross-account settings.
  - In Storage settings, set Bucket Name and IAM Role ARN obtained from AWS.
    Zilliz Cloud will use the specified bucket as the data-plane storage and access it on your behalf using the specified IAM role.
    For more on the procedure for creating an S3 bucket, read Create S3 Bucket and IAM Role.
  - In EKS Settings, set IAM Role ARN for EKS management.
    Zilliz Cloud will use the specified role to deploy an EKS cluster on your behalf and deploy the data plane in the EKS cluster.
    For more on the procedure for creating an EKS role, read Create EKS IAM Role.
  - In Cross-Account Settings, set IAM Role ARN for data-plane deployment.
    Zilliz Cloud will use the specified role to deploy the data plane of the Zilliz Cloud BYOC project.
    For more on the procedure for creating the cross-account role, read Create Cross-Account IAM Role.
- Click Next to configure network settings.
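Each ARN entered above names a role that a party outside your account will assume, so the role's trust policy decides who else could assume it. The following is an added example, not part of the Zilliz Cloud documentation: it audits a trust policy document for a wildcard principal, an unexpected account, and a missing `sts:ExternalId` condition. The account ID, the external ID, and the assumption that the role trusts an AWS account principal pinned by an external ID are placeholders and assumptions, not values from this page.

```python
# Constructed trust policy for illustration. The account ID and external ID
# are placeholders, not values published by Zilliz Cloud.
GOOD = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
    }],
}
# Constructed counter-example with the mistakes the audit is meant to catch.
WEAK = {"Statement": {"Effect": "Allow", "Principal": {"AWS": "*"},
                      "Action": "sts:AssumeRole"}}

def as_list(value):
    """IAM accepts a single value wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from an ARN principal or from a bare account ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_trust_policy(policy, expected_account):
    """Return findings for Allow statements that let the role be assumed."""
    findings = []
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":                      # shorthand for every principal
            principal = {"AWS": "*"}
        aws = as_list(principal.get("AWS", []))   # service principals are skipped
        for p in aws:
            if p == "*":
                findings.append(f"statement {n}: any AWS principal can assume the role")
            elif account_of(p) != expected_account:
                findings.append(f"statement {n}: unexpected account {account_of(p)}")
        keys = stmt.get("Condition", {}).get("StringEquals", {})
        if aws and "sts:externalid" not in {k.lower() for k in keys}:
            findings.append(f"statement {n}: AWS principal without sts:ExternalId")
    return findings

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("weak", WEAK)):
        print(name, audit_trust_policy(doc, "111122223333"))
```

Feed it the `AssumeRolePolicyDocument` of each role before pasting the ARN into the console; an empty list means none of the three conditions was found.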
Network Settings
In Network Settings, you need to create a VPC and several types of resources in it, such as subnets, a security group, and an optional VPC endpoint.
- In Network Settings, set the VPC ID, Subnet IDs, the Security Group ID, and the optional VPC endpoint ID.
  In the specified VPC, Zilliz Cloud requires
  - A public subnet and three private subnets,
  - A security group, and
  - An optional VPC endpoint.
  For more on the procedure for creating a VPC and the resources within, refer to Configure a Customer-Managed VPC.
- Click Next to view the summary.
- In Deployment Summary, review the configurations.
- Click Create if everything is as expected.
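A subnet is only private if its effective route table has no default route to an internet gateway, whatever its name says. The following is an added example, not part of the Zilliz Cloud documentation: it classifies the subnets you plan to enter in Network Settings from their route tables and checks them against the one public and three private subnets listed above. The input is constructed, with made-up IDs, in the shape returned by `aws ec2 describe-subnets` and `aws ec2 describe-route-tables`; treating the counts as exact is an assumption.

```python
# Constructed, trimmed sample data; every ID below is made up.
SUBNETS = [{"SubnetId": s, "VpcId": "vpc-0aaa"}
           for s in ("subnet-pub1", "subnet-prv1", "subnet-prv2", "subnet-prv3")]
ROUTE_TABLES = [
    {"VpcId": "vpc-0aaa", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001"}]},
    {"VpcId": "vpc-0aaa", "Associations": [{"Main": False, "SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"}]},
]

def effective_route_table(subnet, route_tables):
    """Explicitly associated table if any, else the VPC's main route table."""
    main = None
    for table in route_tables:
        if table["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return table
            if assoc.get("Main"):
                main = table
    return main

def is_public(subnet, route_tables):
    """Public means the default route points at an internet gateway."""
    table = effective_route_table(subnet, route_tables) or {}
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for r in table.get("Routes", []))

def check_layout(vpc_id, subnets, route_tables, want_public=1, want_private=3):
    """Return a list of problems; an empty list means the layout matches."""
    problems = [f"{s['SubnetId']} is in {s['VpcId']}, not {vpc_id}"
                for s in subnets if s["VpcId"] != vpc_id]
    mine = [s for s in subnets if s["VpcId"] == vpc_id]
    public = [s["SubnetId"] for s in mine if is_public(s, route_tables)]
    private = [s["SubnetId"] for s in mine if s["SubnetId"] not in public]
    if len(public) != want_public:
        problems.append(f"expected {want_public} public subnet(s), found {public}")
    if len(private) != want_private:
        problems.append(f"expected {want_private} private subnet(s), found {private}")
    return problems

if __name__ == "__main__":
    print(check_layout("vpc-0aaa", SUBNETS, ROUTE_TABLES) or "layout matches")
```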
Instance Settings
During the project deployment, Zilliz Cloud creates the fundamental database components and core support services. When the project is ready, you can create clusters in the project. At this point, Zilliz Cloud creates instances for search services on your behalf.
You need to determine the types of instances to create for each component listed below during the deployment.
Components | Licenses consumed per instance | Instance type | Instances required for initial deployment | Description |
---|---|---|---|---|
Search service | 16 | m6id.4xlarge | 0 | Instances solely used for query services |
Fundamental database components | 8 | m6i.2xlarge | 1 | Instances used for fundamental database components, which are mainly used as the index pool |
Core support services | 0 | m6i.2xlarge | 3 | Instances used for peripheral support services, including Milvus Operator, Zilliz Cloud Agent, and Milvus dependencies for logging, monitoring, and alerting |
If the instance settings are left unconfigured, the default settings listed above will apply.
View deployment details
After you create a project, you can view its status on the project page.
Create S3 Bucket and IAM Role
This page describes how to create and configure root storage for a Bring-Your-Own-Cloud (BYOC) project with proper permissions.
Create EKS IAM Role
This page describes how to create and configure an IAM role for Zilliz Cloud to deploy an EKS cluster for your Zilliz Cloud project.
Create Cross-Account IAM Role
This page describes how to create and configure a cross-account role for Zilliz Cloud to bootstrap your project. This role gives Zilliz Cloud restricted permissions to manage VPC resources on your behalf.
Configure a Customer-Managed VPC
The Zilliz Cloud Bring-Your-Own-Cloud (BYOC) solution enables you to set up a project within your own Virtual Private Cloud (VPC). With a Zilliz Cloud project running in a customer-managed VPC, you gain greater control over your network configurations, allowing you to meet specific cloud security and governance standards required by your organization.
Bootstrap Infrastructure (Terraform)
This page demonstrates how to use Terraform to bootstrap the infrastructure for a Zilliz Cloud BYOC project, including creating an S3 bucket, all related roles, and a qualified VPC.
Permissions in Roles
This page lists all IAM permissions that Zilliz Cloud requires to perform operations on your behalf.