Manage organization virtual private clouds (VPCs) in Aiven (limited availability)
Set up or delete an organization-wide VPC on the Aiven Platform. Enable new Aiven projects in the organization VPC or migrate existing Aiven projects to the organization VPC. Access resources within the organization VPC from the public internet.
Prerequisites
- Manage organization networking permissions
- One of the following tools for operating organization VPCs:
Create an organization VPC
Create an organization VPC using a tool of your choice:
- Aiven Console
- Aiven CLI
- Aiven API
- Aiven Provider for Terraform
- Log in to the Aiven Console, and click Admin in the top navigation bar.
- Click VPCs in the sidebar and Create VPC on the Virtual private clouds page.
- In the Create VPC window:
  - Select a cloud provider.
  - Select a cloud region.
  - Specify an IP range.
    - Use an IP range that does not overlap with any networks to be connected via VPC peering. For example, if your own networks use the range 11.1.1.0/8, you can set the range for your Aiven organization's VPC to 191.161.1.0/24.
    - Use a network prefix that is 20-24 characters long.
  - Click Create VPC.
Your new organization VPC is ready to use as soon as its status visible on the Virtual private clouds page changes to Active.
Run the avn organization vpc create command:
avn organization vpc create \
--cloud CLOUD_PROVIDER_REGION \
--network-cidr NETWORK_CIDR \
--organization-id ORGANIZATION_ID
Replace the following:
- CLOUD_PROVIDER_REGION with the cloud provider and region to host the VPC, for example, aws-eu-west-1
- NETWORK_CIDR with the CIDR block (a range of IP addresses) for the VPC, for example, 10.0.0.0/24
- ORGANIZATION_ID with the ID of your Aiven organization where to create the VPC, for example, org1a2b3c4d5e6
Make an API call to the OrganizationVpcCreate endpoint:
curl --request POST \
--url https://api.aiven.io/v1/organization/ORGANIZATION_ID/vpcs \
--header 'Authorization: Bearer BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '
{
"cloud_name": "CLOUD_PROVIDER_REGION",
"network_cidr": "NETWORK_CIDR"
}
'
Replace the following placeholders with meaningful data:
- ORGANIZATION_ID
- BEARER_TOKEN
- CLOUD_PROVIDER_REGION
- NETWORK_CIDR
Use the aiven_organization_vpc resource.
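A pre-flight check for the IP range rules above, usable before passing NETWORK_CIDR to the console, CLI, API or Terraform. This is an added example, not Aiven's code: it assumes the 20-24 guidance means a /20 to /24 prefix length, its RFC 1918 warning is an extra caution not stated on this page, and the peer ranges are constructed sample input.

```python
import ipaddress

# Assumption: the page's "20-24" guidance is read as a prefix length of /20 to /24.
MIN_PREFIX, MAX_PREFIX = 20, 24
# Added caution, not a rule stated on the page: prefer RFC 1918 private space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(candidate, peer_networks):
    """Return findings for a proposed NETWORK_CIDR; an empty list means it passed."""
    try:
        # strict=True rejects a CIDR with host bits set, such as 10.0.0.5/24.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"error: invalid CIDR ({exc})"]
    findings = []
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        findings.append(f"error: /{net.prefixlen} is outside /{MIN_PREFIX}-/{MAX_PREFIX}")
    if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
        findings.append(f"warning: {net} is not RFC 1918 private space")
    for peer in peer_networks:
        # strict=False normalises entries written with host bits set
        # (the page's 11.1.1.0/8 becomes 11.0.0.0/8).
        peer_net = ipaddress.ip_network(peer, strict=False)
        if net.overlaps(peer_net):
            findings.append(f"error: {net} overlaps peered network {peer_net}")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the page's example ranges plus two failing cases.
    peers = ["11.1.1.0/8", "10.20.0.0/16"]
    for cidr in ("10.0.0.0/24", "191.161.1.0/24", "10.20.4.0/22", "10.0.0.5/24"):
        print(cidr, "->", check_vpc_cidr(cidr, peers) or "ok")
```

Run it with every network you plan to peer in the peer list; an overlap found after services are running means moving them to a new VPC.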
Create a service in an organization VPC
Your organization VPC is available as a geolocation (cloud region) for the new service.
You can create a service in an organization VPC only if:
- The organization VPC is in the same organization where you are creating the service.
- For the service to be created, you use the cloud provider and region that hosts the organization VPC.
Create a service in an organization VPC using a tool of your choice:
- Aiven Console
- Aiven CLI
- Aiven API
Set your organization VPC as a cloud region for the new service:
- From your project, in the Services page, click Create service.
- From the Select service page, click the service type of your choice.
- Select the cloud provider and region to host your service on.
  Note: The pricing for the same service can vary between different providers and regions. The service summary shows you the pricing for your selected options.
- Select a service plan.
  Note: This determines the number of servers and the memory, CPU, and disk resources allocated to your service. See Plans & Pricing.
- Optional: Add disk storage.
- Enter a name for your service.
  Important: You cannot change the name after you create the service. You can fork the service with a new name instead.
- Optional: Add tags.
- Click Create service.
The Overview page of the service opens. It shows the connection parameters for your service, its current status, and the configuration options.
The status of the service is Rebuilding during its creation. When the status becomes Running, you can start using the service. This typically takes a couple of minutes and can vary between cloud providers and regions.
Run avn service create:
avn service create SERVICE_NAME \
--project PROJECT_NAME \
--project-vpc-id ORGANIZATION_VPC_ID \
--service-type SERVICE_TYPE \
--plan SERVICE_PLAN \
--cloud CLOUD_PROVIDER_REGION
Replace the following:
- SERVICE_NAME with the name of the service to be created, for example, pg-vpc-test
- PROJECT_NAME with the name of the project where to create the service, for example, pj-test
- ORGANIZATION_VPC_ID with the ID of your organization VPC, for example, 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
- SERVICE_TYPE with the type of the service to be created, for example, pg
- SERVICE_PLAN with the plan of the service to be created, for example, hobbyist
- CLOUD_PROVIDER_REGION with the cloud provider and region to host the organization VPC, for example, aws-eu-west-1
Make an API call to the ServiceCreate endpoint:
curl --request POST \
--url https://api.aiven.io/v1/project/PROJECT_NAME/service \
--header 'Authorization: Bearer BEARER_TOKEN' \
--header 'content-type: application/json' \
--data-raw '
{
"service_name": "SERVICE_NAME",
"cloud": "CLOUD_PROVIDER_REGION",
"plan": "SERVICE_PLAN",
"service_type": "SERVICE_TYPE",
"disk_space_mb": DISK_SIZE,
"project_vpc_id":"ORGANIZATION_VPC_ID"
}
'
Replace the following placeholders with meaningful data:
- PROJECT_NAME, for example org-vpc-test
- BEARER_TOKEN
- SERVICE_NAME, for example org-vpc-test-project
- CLOUD_PROVIDER_REGION, for example google-europe-west10
- SERVICE_PLAN, for example startup-4
- SERVICE_TYPE, for example pg
- DISK_SIZE in MiB, for example 81920
- ORGANIZATION_VPC_ID
Migrate a service to an organization VPC
Your organization VPC is available as a geolocation (cloud region) for your service.
You can only migrate a service to an organization VPC if:
- The organization VPC is in the same organization where the service runs.
- The service and the organization VPC are hosted using the same cloud provider and region.
Migrate a service to an organization VPC using a tool of your choice:
- Aiven Console
- Aiven CLI
- Aiven API
- In Aiven Console, open your service and click Service settings.
- In the Cloud and network section, click Actions > Change cloud or region.
- In the Region section, go to the VPCs tab, select your organization VPC and click Migrate.
Run avn service update:
avn service update SERVICE_NAME \
--project-vpc-id ORGANIZATION_VPC_ID \
--project PROJECT_NAME
Replace the following:
- SERVICE_NAME with the name of the service to be migrated, for example, pg-test
- ORGANIZATION_VPC_ID with the ID of your organization VPC where to migrate the service, for example, 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
- PROJECT_NAME with the name of the project where your service resides, for example, pj-test
Call the ServiceUpdate endpoint to set project_vpc_id of the service to the ID of your organization VPC:
curl --request PUT \
--url https://api.aiven.io/v1/project/PROJECT_NAME/service/SERVICE_NAME \
-H 'Authorization: Bearer BEARER_TOKEN' \
-H 'content-type: application/json' \
--data '{"project_vpc_id": "ORGANIZATION_VPC_ID"}'
Replace the following placeholders with meaningful data:
- PROJECT_NAME, for example org-vpc-test
- SERVICE_NAME, for example org-vpc-service
- BEARER_TOKEN
- ORGANIZATION_VPC_ID
Delete an organization VPC
Remove all services from your VPC before you delete it. To remove the services from the VPC, either migrate them out of the VPC or delete them. Deleting the VPC terminates its peering connections, if any.
Delete an organization VPC using a tool of your choice:
- Aiven Console
- Aiven CLI
- Aiven API
- Log in to the Aiven Console, and click Admin in the top navigation bar.
- Click VPCs in the sidebar.
- On the Virtual private clouds page, find a VPC to be deleted and click Actions > Delete.
- In the Confirmation window, click Delete VPC.
Run the avn organization vpc delete command:
avn organization vpc delete \
--organization-id ORGANIZATION_ID \
--organization-vpc-id ORGANIZATION_VPC_ID
Replace the following:
- ORGANIZATION_ID with the ID of your Aiven organization, for example, org1a2b3c4d5e6
- ORGANIZATION_VPC_ID with the ID of your Aiven organization VPC, for example, 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
Make an API call to the OrganizationVpcDelete endpoint:
curl --request DELETE \
--url https://api.aiven.io/v1/organization/ORGANIZATION_ID/vpcs/ORGANIZATION_VPC_ID \
--header 'Authorization: Bearer BEARER_TOKEN'
Replace the following placeholders with meaningful data:
- ORGANIZATION_ID
- ORGANIZATION_VPC_ID
- BEARER_TOKEN