Manage organization virtual private clouds (VPCs) in Aiven Limited availability

Set up or delete an organization-wide VPC on the Aiven Platform. Enable new Aiven projects in the organization VPC or migrate existing Aiven projects to the organization VPC. Access resources within the organization VPC from the public internet.

Prerequisites

• Manage organization networking permissions
• One of the following tools for operating organization VPCs:
  • Aiven Console
  • Aiven CLI
  • Aiven API
  • Aiven Provider for Terraform

Create an organization VPC

Create an organization VPC using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and click Admin in the top navigation bar.
2. Click VPCs in the sidebar and Create VPC on the Virtual private clouds page.
3. In the Create VPC window:

   1. Select a cloud provider.

   2. Select a cloud region.

   3. Specify an IP range.

      • Use an IP range that does not overlap with any networks to be connected via VPC peering. For example, if your own networks use the range 11.1.1.0/8, you can set the range for your Aiven organization's VPC to 191.161.1.0/24.
      • Use a network prefix that is 20-24 character long.

   4. Click Create VPC.

Your new organization VPC is ready to use as soon as its status visible on the Virtual private clouds page changes to Active.

Aiven CLI

Run the avn organization vpc create command:

avn organization vpc create         \
  --cloud CLOUD_PROVIDER_REGION     \
  --network-cidr NETWORK_CIDR       \
  --organization-id ORGANIZATION_ID

Replace the following:

• CLOUD_PROVIDER_REGION with the cloud provider and region to host the VPC, for example aws-eu-west-1
• NETWORK_CIDR with the CIDR block (a range of IP addresses) for the VPC, for example, 10.0.0.0/24
• ORGANIZATION_ID with the ID of your Aiven organization where to create the VPC, for example, org1a2b3c4d5e6

Aiven API

Make an API call to the OrganizationVpcCreate endpoint:

curl --request POST \
  --url https://api.aiven.io/v1/organization/ORGANIZATION_ID/vpcs \
  --header 'Authorization: Bearer BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data '
    {
      "cloud_name": "CLOUD_PROVIDER_REGION",
      "network_cidr": "NETWORK_CIDR"
    }
  '

Replace the following placeholders with meaningful data:

• ORGANIZATION_ID
• BEARER_TOKEN
• CLOUD_PROVIDER_REGION
• NETWORK_CIDR

Aiven Provider for Terraform

Use the aiven_organization_vpc resource.

Create a service in an organization VPC

Your organization VPC is available as a geolocation (cloud region) for the new service.

note

You can create a service in an organization VPC only if:

• The organization VPC is in the same organization where you are creating the service.
• For the service to be created, you use the cloud provider and region that hosts the organization VPC.

Create a service in an organization VPC using a tool of your choice:

Aiven Console

Set your organization VPC as a cloud region for the new service:

1. From your project, in the Services page, click Create service.

2. From the Select service page, click the service type of your choice.

3. Select the cloud provider and region to host your service on.

   note

   The pricing for the same service can vary between different providers and regions. The service summary shows you the pricing for your selected options.

4. Select a service plan.

   note

   This determines the number of servers and the memory, CPU, and disk resources allocated to your service. See Plans & Pricing.

5. Optional: Add disk storage.

6. Enter a name for your service.

   important

   You cannot change the name after you create the service.

   You can fork the service with a new name instead.

7. Optional: Add tags.

8. Click Create service.

The Overview page of the service opens. It shows the connection parameters for your service, its current status, and the configuration options.

The status of the service is Rebuilding during its creation. When the status becomes Running, you can start using the service. This typically takes couple of minutes and can vary between cloud providers and regions.

Aiven CLI

Run avn service create:

avn service create SERVICE_NAME        \
  --project PROJECT_NAME               \
  --project-vpc-id ORGANIZATION_VPC_ID \
  --service-type SERVICE_TYPE          \
  --plan SERVICE_PLAN                  \
  --cloud CLOUD_PROVIDER_REGION

Replace the following:

• SERVICE_NAME with the name of the service to be created, for example, pg-vpc-test
• PROJECT_NAME with the name of the project where to create the service, for example, pj-test
• ORGANIZATION_VPC_ID with the ID of your organization VPC, for example, 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
• SERVICE_TYPE with the type of the service to be created, for example, pg
• SERVICE_PLAN with the plan of the service to be created, for example, hobbyist
• CLOUD_PROVIDER_REGION with the cloud provider and region to host the organization VPC, for example aws-eu-west-1

Aiven API

Make an API call to the ServiceCreate endpoint:

curl --request POST \
  --url https://api.aiven.io/v1/project/PROJECT_NAME/service \
  --header 'Authorization: Bearer BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data-raw '
    {
      "service_name": "SERVICE_NAME",
      "cloud": "CLOUD_PROVIDER_REGION",
      "plan": "SERVICE_PLAN",
      "service_type": "SERVICE_TYPE",
      "disk_space_mb": DISK_SIZE,
      "project_vpc_id":"ORGANIZATION_VPC_ID"
    }
  '

Replace the following placeholders with meaningful data:

• PROJECT_NAME, for example org-vpc-test
• BEARER_TOKEN
• SERVICE_NAME, for example org-vpc-test-project
• CLOUD_PROVIDER_REGION, for example google-europe-west10
• SERVICE_PLAN, for example startup-4
• SERVICE_TYPE, for example pg
• DISK_SIZE in MiB, for example 81920
• ORGANIZATION_VPC_ID

Migrate a service to an organization VPC

Your organization VPC is available as a geolocation (cloud region) for your service.

note

You can only migrate a service to an organization VPC if:

• The organization VPC is in the same organization where the service runs.
• The service and the organization VPC are hosted using the same cloud provider and region.

Migrate a service to an organization VPC using a tool of your choice:

Aiven Console

1. In Aiven Console, open your service and click Service settings.
2. In the Cloud and network section, click Actions > Change cloud or region.
3. In the Region section, go to the VPCs tab, select your organization VPC and click Migrate.

Aiven CLI

Run avn service update:

avn service update SERVICE_NAME        \
  --project-vpc-id ORGANIZATION_VPC_ID \
  --project PROJECT_NAME

Replace the following:

• SERVICE_NAME with the name of the service to be migrated, for example, pg-test
• ORGANIZATION_VPC_ID with the ID of your organization VPC where to migrate the service, for example, 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
• PROJECT_NAME with the name of the project where your service resides, for example, pj-test

Aiven API

Call the ServiceUpdte endpoint to set vpc_id of the service to the ID of your organization VPC:

curl --request PUT \
  --url https://api.aiven.io/v1/project/PROJECT_NAME/service/SERVICE_NAME \
  -H 'Authorization: Bearer BEARER_TOKEN' \
  -H 'content-type: application/json' \
  --data '{"project_vpc_id": "ORGANIZATION_VPC_ID"}'

Replace the following placeholders with meaningful data:

• PROJECT_NAME, for example org-vpc-test
• SERVICE_NAME, for example org-vpc-service
• BEARER_TOKEN
• ORGANIZATION_VPC_ID

Delete an organization VPC

important

Remove all services from your VCP before you delete it. To remove the services from the VCP, either migrate them out of the VCP or delete them. Deleting the VPC terminates its peering connections, if any.

Delete an organization VPC using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and click Admin in the top navigation bar.
2. Click VPCs in the sidebar.
3. On the Virtual private clouds page, find a VPC to be deleted and click Actions > Delete.
4. In the Confirmation window, click Delete VPC.

Aiven CLI

Run the avn organization vpc delete command:

avn organization vpc delete                     \
  --organization-id ORGANIZATION_ID             \
  --organization-vpc-id ORGANIZATION_VPC_ID

Replace the following:

• ORGANIZATION_ID with the ID of your Aiven organization, for example, org1a2b3c4d5e6
• ORGANIZATION_VPC_ID with the ID of your Aiven organization VPC, for example, 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f

Aiven API

Make an API call to the OrganizationVpcDelete endpoint:

curl --request DELETE \
  --url https://api.aiven.io/v1/organization/ORGANIZATION_ID/vpcs/ORGANIZATION_VPC_ID \
  --header 'Authorization: Bearer BEARER_TOKEN' \

Replace the following placeholders with meaningful data:

• ORGANIZATION_ID
• ORGANIZATION_VPC_ID
• BEARER_TOKEN

Related pages

• VPC peering
• Manage organization VPC peering connections