Manage a service in a VPC

Manage your Aiven services in a VPC, including setup, migration, and accessing resources securely within your project VPC.

Prerequisites

You can manage services either in a project VPC or in an organization VPC.

Create a service in a VPC

You can create a service either in a project VPC or in an organization VPC.

Your project VPC is available as a geolocation (cloud region) for the new service.

note

You can create a service in a project VPC only if it is in the same project where you are creating the service.

Create a service in a project VPC using a tool of your choice:

Set your project VPC as a cloud region for the new service:

  1. From your project, in the Services page, click Create service.

  2. From the Select service page, click the service type of your choice.

  3. Select the cloud provider and region to host your service on.

    note

    The pricing for the same service can vary between different providers and regions. The service summary shows you the pricing for your selected options.

  4. Select a service plan.

    note

    This determines the number of servers and the memory, CPU, and disk resources allocated to your service. See Plans & Pricing.

  5. Optional: Add disk storage.

  6. Enter a name for your service.

    important

    You cannot change the name after you create the service.

    You can fork the service with a new name instead.

  7. Optional: Add tags.

  8. Click Create service.

The Overview page of the service opens. It shows the connection parameters for your service, its current status, and the configuration options.

The status of the service is Rebuilding during its creation. When the status becomes Running, you can start using the service. This typically takes a couple of minutes and can vary between cloud providers and regions.

Migrate a service to a VPC

You can migrate a service either to a project VPC or to an organization VPC.

Your project VPC is available as a geolocation (cloud region) for your service.

note

You can migrate a service to a project VPC only if the project VPC is in the same project running your service.

Migrate a service to a project VPC using a tool of your choice:

  1. In the Aiven Console, open your service page and click Service settings.
  2. In the Cloud and network section, click Actions > Change cloud or region.
  3. In the Region section, go to the VPCs tab, select your project VPC and click Migrate.

Migrate a service deployed in a VPC to another cloud

Aiven doesn't natively support automatic migration of a service from a VPC in one cloud provider to another. You can migrate manually by following these generic steps, which you may need to adapt to meet specific security or compliance requirements:

  1. Create a new service in the destination cloud/VPC.
  2. Set up replication or export/import, depending on the service:
    1. Aiven for PostgreSQL®, Aiven for MySQL® or similar: Use pg_dump, pg_restore, logical replication, or Aiven’s replication features.
    2. Aiven for Apache Kafka®: Use Aiven for Apache Kafka® MirrorMaker 2 or Confluent Replicator.
  3. Sync data and test the new setup.
  4. Cut over traffic to the new service.
  5. Decommission the old service.

note

Reach out to your account team if you need more migration guidance or best practices.

Access a service deployed in a VPC from the public internet

When you move your service to a VPC, access from public networks is blocked by default. If you switch to public access, a separate endpoint is created with a public prefix. You can enable public internet access for your services by following the Enable public access in a VPC instructions.

IP filtering is available for a service deployed to a VPC. It's recommended to use IP filtering when your VPC service is also exposed to the public internet.

note

If your service is within a VPC, the VPC configuration filters incoming traffic before the IP filter is applied.

Safelisting applies to both internal and external traffic. If you safelist an external IP address and want to keep traffic flowing with the internal (peered) connections, safelist the CIDR blocks of the peered networks as well to avoid disruptions to the service.
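
The safelisting caveat above can be checked before a filter change is applied. The following is an added example, not Aiven tooling or code from this page: it compares a proposed IP filter with the CIDR blocks of the peered networks and reports any peered ranges the filter would block. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def _nets(cidrs):
    # strict=False tolerates entries written with host bits set, e.g. 10.20.0.5/16
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def uncovered(peered, allowed):
    """Return the sub-ranges of one peered network that no filter entry covers."""
    remaining = [peered]
    for allow in allowed:
        nxt = []
        for net in remaining:
            if net.version != allow.version or not net.overlaps(allow):
                nxt.append(net)                         # entry is unrelated to this range
            elif net.subnet_of(allow):
                continue                                # range fully covered by this entry
            else:
                nxt.extend(net.address_exclude(allow))  # entry covers only part of it
        remaining = nxt
    return sorted(remaining)

def check_ip_filter(ip_filter, peered_cidrs):
    """Map each peered CIDR to the parts of it the IP filter would block."""
    allowed = _nets(ip_filter)
    report = {}
    for cidr in peered_cidrs:
        gaps = uncovered(ipaddress.ip_network(cidr, strict=False), allowed)
        if gaps:
            report[cidr] = [str(g) for g in gaps]
    return report

def allow_all_entries(ip_filter):
    """Entries with prefix length 0 match every address, so they filter nothing."""
    return [str(n) for n in _nets(ip_filter) if n.prefixlen == 0]

# Constructed sample values (documentation and private ranges, not from the page)
PEERED = ["10.20.0.0/16", "172.16.8.0/22"]
PROPOSED = ["203.0.113.10/32", "10.20.0.0/17"]

if __name__ == "__main__":
    for cidr, gaps in check_ip_filter(PROPOSED, PEERED).items():
        print(f"peered network {cidr}: blocked ranges {gaps}")
    print("allow-all entries:", allow_all_entries(PROPOSED))
```

An empty report means every peered range is covered by the filter. A non-empty `allow_all_entries` result means the filter restricts nothing for that address family.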