diff --git a/docs/platform/concepts/byoc.md b/docs/platform/concepts/byoc.md
index 03ac9c77..85dfad6d 100644
--- a/docs/platform/concepts/byoc.md
+++ b/docs/platform/concepts/byoc.md
@@ -1,7 +1,7 @@
---
title: Bring your own cloud (BYOC)
sidebar_label: Bring your own cloud
-keywords: [AWS, Amazon Web Services, GCP, Google Cloud Platform, private deployment, public deployment, byoc, bring your own cloud, custom cloud, backup]
+keywords: [AWS, Amazon Web Services, GCP, Google Cloud Platform, private deployment, public deployment, byoc, bring your own cloud, custom cloud]
---
import Tabs from '@theme/Tabs';
@@ -10,7 +10,6 @@ import byocAwsPrivate from "@site/static/images/content/figma/byoc-aws-private.p
import byocAwsPublic from "@site/static/images/content/figma/byoc-aws-public.png";
import byocGcpPrivate from "@site/static/images/content/figma/byoc-gcp-private.png";
import byocGcpPublic from "@site/static/images/content/figma/byoc-gcp-public.png";
-import byocHowItWorks from "@site/static/images/content/figma/byoc-how-it-works.png";
_Bring your own cloud_ (BYOC) allows you to use your own cloud infrastructure instead of relying on the Aiven-managed infrastructure.
@@ -22,30 +21,11 @@ project, or organization has specific requirements. With BYOC, your Aiven
organization gets connected with your cloud provider account by creating _custom
clouds_ in your Aiven organization.
-## How it works
-
A custom cloud is a secure environment within your cloud provider account to run
Aiven-managed data services. By enabling BYOC, creating custom clouds, and
setting up Aiven services within the custom clouds, you can manage your
infrastructure on the Aiven platform while keeping your data in your own cloud.
-
-
-1. [Enable BYOC](/docs/platform/howto/byoc/enable-byoc) in your Aiven organization by
- setting up a call with the Aiven sales team to share your use case and its requirements.
-1. [Create a custom cloud](/docs/platform/howto/byoc/create-custom-cloud) in the Aiven
- Console or CLI by providing cloud setup details essential to generate your custom cloud
- infrastructure template.
-1. **Integrate your cloud account with Aiven** by applying the infrastructure template for
- [AWS](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#deploy-the-template)
- or
- [Google Cloud](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#deploy-the-template).
-1. [Deploy services](/docs/platform/howto/byoc/manage-byoc-service) by creating new
- Aiven-managed services in the custom cloud or migrating existing Aiven-managed services
- to the custom cloud.
-1. **View Aiven-managed assets in your cloud account**: You can preview Aiven-managed
- services and infrastructure in your cloud account.
-
## Why use BYOC
Consider using BYOC and custom clouds if you have specific business
@@ -69,12 +49,13 @@ needs or project requirements, such as:
strategies to save on compute and storage infrastructure costs
related to Aiven services.
-## Who is eligible for BYOC
+## Who is eligible for BYOC {#eligible-for-byoc}
The BYOC setup is a bespoke service offered on a case-by-case basis, and
not all cloud providers support it yet. You're eligible for BYOC if:
-- You use Amazon Web Services (AWS) or Google Cloud.
+- You use Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure
+ (excluding Azure Germany), or Oracle Cloud Infrastructure (OCI).
- You have a commitment deal with Aiven.
- You have the [Advanced or Premium support tier](/docs/platform/howto/support).
@@ -115,7 +96,7 @@ may have and potentially leverage enterprise discounts in certain cases.
For a cost estimate and analysis, contact your account team.
:::
-## BYOC architecture
+## BYOC architecture {#byoc-deployment}
@@ -126,26 +107,21 @@ In the AWS private deployment model, a Virtual Private Cloud (**BYOC VPC**) for
services is created within a particular cloud region in your remote cloud account.
Aiven accesses this VPC from a static IP address and routes
traffic through a proxy for additional security. To accomplish this, Aiven
-utilizes a bastion host (**Bastion node**) logically separated from the Aiven services
+utilizes a bastion host (**Bastion node**) physically separated from the Aiven services
you deploy. The service VMs reside in a privately addressed subnet (**Private subnet**)
and are accessed by the Aiven management plane via the bastion. They are not
-accessible through the internet.
+accessible through the Internet.
:::note
Although the bastion host and the service nodes reside in the VPC under
your management (**BYOC VPC**), they are not accessible (for example, via SSH) to anyone
outside Aiven.
-The bastion and workload nodes require outbound access to the internet
+The bastion and workload nodes require outbound access to the Internet
to work properly (supporting HA signaling to the Aiven management node and RPM download
from Aiven repositories).
:::
-Object storage in your AWS cloud account is where service's
-[backups](/docs/platform/concepts/byoc#byoc-service-backups) and
-[cold data](/docs/platform/howto/byoc/store-data#byoc-tiered-storage) are stored using
-two S3 buckets.
-
@@ -153,24 +129,18 @@ two S3 buckets.
In the AWS public deployment model, a Virtual Private Cloud (**BYOC VPC**) for your Aiven
services is created within a particular cloud region in your remote cloud account.
-Aiven accesses this VPC through an internet gateway. Service VMs reside in a publicly
+Aiven accesses this VPC through an Internet gateway. Service VMs reside in a publicly
addressed subnet (**Public subnet**), and Aiven services can be accessed
-through the public internet: the Aiven control plane connects to the nodes
+through the public Internet: the Aiven control plane connects to the nodes
using the public address, and the Aiven management plane can access the service VMs
-directly. To restrict access to your service, you can use the
-[IP filter](/docs/platform/howto/restrict-access).
-
-Object storage in your AWS cloud account is where service's
-[backups](/docs/platform/concepts/byoc#byoc-service-backups) and
-[cold data](/docs/platform/howto/byoc/store-data#byoc-tiered-storage) are stored using
-two S3 buckets.
+directly.
-
+
-
+
-In the Google Cloud private deployment model, a Virtual Private Cloud (**BYOC VPC**) for
-your Aiven services is created within a particular cloud region in your remote cloud account.
+In the GCP private deployment model, a Virtual Private Cloud (**BYOC VPC**) for your Aiven
+services is created within a particular cloud region in your remote cloud account.
Within the **BYOC VPC**, there are:
- **Public subnet** for the bastion node
@@ -178,35 +148,33 @@ Within the **BYOC VPC**, there are:
Aiven accesses the **BYOC VPC** from a static IP address and routes
traffic through a proxy for additional security. To accomplish this, Aiven
-utilizes a bastion host (**Bastion note**) logically separated from the Aiven services
+utilizes a bastion host (**Bastion note**) physically separated from the Aiven services
you deploy. The service VMs reside in a privately addressed subnet (**Private subnet**)
and are accessed by the Aiven management plane via the bastion. They are not
-accessible through the internet.
+accessible through the Internet.
:::note
Although the bastion host and the service nodes reside in the VPC under
your management (**BYOC VPC**), they are not accessible (for example, via SSH) to anyone
outside Aiven.
-The bastion and workload nodes require outbound access to the internet
+The bastion and workload nodes require outbound access to the Internet
to work properly (supporting HA signaling to the Aiven management node and RPM download
from Aiven repositories).
:::
-
+
-
+
-In the Google Cloud public deployment model, a Virtual Private Cloud (**Workload VPC**)
-for your Aiven services is created within a particular cloud region in your remote cloud
-account. Aiven accesses this VPC through an internet gateway. Service VMs reside in a
-publicly addressed subnet (**Public subnet**), and Aiven services can be accessed
-through the public internet: the Aiven control plane connects to the nodes
+In the GCP public deployment model, a Virtual Private Cloud (**Workload VPC**) for your
+Aiven services is created within a particular cloud region in your remote cloud account.
+Aiven accesses this VPC through an Internet gateway. Service VMs reside in a publicly
+addressed subnet (**Public subnet**), and Aiven services can be accessed
+through the public Internet: the Aiven control plane connects to the nodes
using the public address, and the Aiven management plane can access the service VMs
-directly. To restrict access to your service, you can use the
-[IP filter](/docs/platform/howto/restrict-access).
-
+directly.
@@ -214,25 +182,18 @@ Firewall rules are enforced on the subnet level.
You can integrate your services using standard VPC peering techniques.
All Aiven communication is encrypted.
-## BYOC service backups
-
-Depending on the BYOC service, Aiven takes
-[regular service backups](/docs/platform/concepts/service_backups) to enable forking, point
-in time recovery (PITR), and disaster recovery.
-
-Backups of BYOC-hosted services are stored as follows:
+## BYOC and backups
-- **AWS BYOC**: User-owned backups stored in object storage in your own AWS cloud account.
- One S3 bucket is created per custom cloud.
-- **Google Cloud**: Aiven-owned backups stored in Aiven-managed object
- storage. It's still possible to store backups in your own cloud account, provided
- Aiven gets read-write permissions to access the object storage in your cloud account.
+Depending on the service used, Aiven takes regular backups to enable
+forking, point in time recovery (PITR), and disaster recovery. These
+backups by default do not reside in your cloud. If there is a
+requirement to have all backups in your own cloud account, it's still possible.
+To accomplish this, Aiven needs read-write permissions to access the object storage on
+your cloud account.
:::important
-
-- All backups are encrypted using Aiven-managed keys.
-- You are responsible for managing object storage configuration.
-
+All backups are encrypted using Aiven-managed keys, and you are
+responsible for managing object storage configurations.
:::
## Dev tools for BYOC
@@ -244,8 +205,9 @@ Aiven deployment model.
## Related pages
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc)
+- [Enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc)
- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
-- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service)
+- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
diff --git a/docs/platform/concepts/service_backups.md b/docs/platform/concepts/service_backups.md
index c0430586..22bf991f 100644
--- a/docs/platform/concepts/service_backups.md
+++ b/docs/platform/concepts/service_backups.md
@@ -333,9 +333,3 @@ backups, see
For more information on Aiven for ClickHouse backups, see
[Backup and restore](/docs/products/clickhouse/concepts/disaster-recovery).
-
-## BYOC service backups
-
-Learn about
-[backups for services hosted in custom clouds](/docs/platform/concepts/byoc#byoc-service-backups)
-or [bring your own cloud (BYOC)](/docs/platform/concepts/byoc) environments.
diff --git a/docs/platform/howto/byoc/add-customer-info-custom-cloud.md b/docs/platform/howto/byoc/add-customer-info-custom-cloud.md
index 244840c7..f08b6369 100644
--- a/docs/platform/howto/byoc/add-customer-info-custom-cloud.md
+++ b/docs/platform/howto/byoc/add-customer-info-custom-cloud.md
@@ -86,7 +86,9 @@ team if needed.
## Related pages
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Enable the bring your own cloud (BYOC) feature](/docs/platform/howto/byoc/enable-byoc)
+- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
-- [Rename a custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
diff --git a/docs/platform/howto/byoc/assign-project-custom-cloud.md b/docs/platform/howto/byoc/assign-project-custom-cloud.md
index acbe0812..90951344 100644
--- a/docs/platform/howto/byoc/assign-project-custom-cloud.md
+++ b/docs/platform/howto/byoc/assign-project-custom-cloud.md
@@ -105,7 +105,9 @@ custom cloud, you can:
## Related pages
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Enable the bring your own cloud (BYOC) feature](/docs/platform/howto/byoc/enable-byoc)
+- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
-- [Rename a custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
diff --git a/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud.md b/docs/platform/howto/byoc/create-custom-cloud.md
similarity index 63%
rename from docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud.md
rename to docs/platform/howto/byoc/create-custom-cloud.md
index 9ec9fbc0..3fb67629 100644
--- a/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud.md
+++ b/docs/platform/howto/byoc/create-custom-cloud.md
@@ -1,7 +1,7 @@
---
-title: Create an AWS-integrated custom cloud
-sidebar_label: Amazon Web Services
-keywords: [AWS, Amazon Web Services, byoc, bring your own cloud, custom cloud]
+title: Create a custom cloud
+sidebar_label: Create custom clouds
+keywords: [AWS, Amazon Web Services, Microsoft Azure, GCP, Google Cloud Platform, byoc, bring your own cloud, custom cloud, OCI, Oracle Cloud Infrastructure]
---
import ConsoleLabel from "@site/src/components/ConsoleIcons";
@@ -10,45 +10,131 @@ import TabItem from '@theme/TabItem';
Create a [custom cloud](/docs/platform/concepts/byoc) for BYOC in your Aiven organization to better address your specific business needs or project requirements.
-To configure a custom cloud in your Aiven organization and prepare your AWS
-account so that Aiven can access it:
+:::note
+
+- Creating and using custom clouds in your Aiven organization requires
+ enabling
+ [the _bring your own cloud (BYOC)_ feature](/docs/platform/concepts/byoc). Check
+ [who is eligible for BYOC](/docs/platform/concepts/byoc#eligible-for-byoc). To
+ use the feature,
+ [enable BYOC in your Aiven organization](/docs/platform/howto/byoc/enable-byoc).
+- Enabling
+ [the BYOC feature](/docs/platform/concepts/byoc) or creating custom clouds in your
+ Aiven environment does not affect the configuration of your existing organizations,
+ projects, or services. This only makes the new BYOC capabilities available in your
+ environment.
+
+:::
+
+The process of creating a custom cloud in Aiven differs depending on the
+cloud provider to integrate with:
+
+
+
+You configure your custom cloud setup in the [Aiven
+Console](https://console.aiven.io/) and prepare your own AWS account so
+that Aiven can access it. In the [Aiven Console](https://console.aiven.io/),
+you follow the **Create custom cloud** workflow to generate a Terraform
+infrastructure-as-code (IaC) template. Next, you deploy this template in
+your AWS account to acquire IAM Role ARN (Amazon Resource Name). You
+supply your IAM Role ARN into the **Create custom cloud** wizard, which
+gives Aiven the permissions to securely access your AWS account, create
+resources, and manage them onward. Finally, you select projects that can
+use your new custom clouds for creating services, and you add customer
+contacts for your custom cloud.
+
+
+You create and configure a custom cloud via CLI, and you prepare your remote GCP account so
+that Aiven can access it. Using the Aiven CLI, you generate an infrastructure-as-code
+(IaC) template in the Terraform format. You download the template and deploy it in your
+remote GCP cloud account to generate a privilege-bearing service account (SA), which Aiven
+needs for accessing your GCP account only with permissions that are required.
+
+:::note
+Privilege-bearing service account (SA) is an
+[identifier](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account)
+of the [service account](https://cloud.google.com/iam/docs/service-account-types#user-managed)
+created when running the IaC template in your Google account. Aiven [impersonates this
+service account](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct)
+and runs operations, such as creating VMs for service nodes, in your BYOC account.
+:::
+
+Next, you deploy your custom cloud resources supplying the generated privilege-bearing SA
+as a parameter. Finally, you select in which Aiven projects to use your custom cloud, and
+you assign a contact person for your custom cloud.
+
+
+If you use Azure or OCI as a cloud provider, you'll have your
+custom cloud created by the Aiven team. Just
+[enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc) and specify your
+requirements. The Aiven team will build your custom cloud according to the specification
+you provide. There are no further actions required from you to create your custom cloud.
+The Aiven team might reach out to you for more details and will follow up with you to keep
+you informed on the progress.
+
+
-1. In the Aiven Console or with the Aiven CLI client, you specify new cloud details to
- generate a Terraform infrastructure-as-code template.
-1. You download the generated template and deploy it in your AWS account to acquire IAM
- Role ARN (Amazon Resource Name).
-1. You deploy your custom cloud resources supplying the acquired IAM Role ARN to the Aiven
- platform, which gives Aiven the permissions to securely access your AWS account, create
- resources, and manage them onward.
-1. You select projects that can use your new custom clouds for creating services.
-1. You add contact details for individuals from your organization that Aiven can reach out
- to in case of technical issues with the new cloud.
+## Limitations {#byoc-limitations}
-## Before you start
+- You need at least the Advanced tier of Aiven support services to be
+ eligible for activating BYOC.
-### Prerequisites
+ :::note
+ See [Aiven support tiers](https://aiven.io/support-services) and
+ [Aiven responsibility matrix](https://aiven.io/responsibility-matrix) for BYOC.
+ Contact your account team to learn more or upgrade your support tier.
+ :::
+
+- You can create custom clouds yourself (via the BYOC self-service) if your cloud
+ provider is AWS (in the [Aiven Console](https://console.aiven.io/)) or GCP (via [Aiven
+ CLI client](/docs/tools/cli/byoc)).
+ For Azure & OCI, [request creating a custom cloud](/docs/platform/howto/byoc/enable-byoc)
+ from the Aiven team.
+- Only [super admins](/docs/platform/howto/make-super-admin) can create custom clouds.
+## Prerequisites {#byoc-prerequisites}
+
+
+
- You have [enabled the BYOC feature](/docs/platform/howto/byoc/enable-byoc).
- You have an active account with your cloud provider.
-- Depending on the tool to use for creating a custom cloud:
- - Console: Access to the [Aiven Console](https://console.aiven.io/) or
- - CLI:
- - [Aiven CLI client](/docs/tools/cli) installed
- - Aiven organization ID from the output of the `avn organization list` command or
- from the [Aiven Console](https://console.aiven.io/) >
- \> .
+- Depending on the dev tool to use for creating a custom cloud, you have:
+ - Access to the [Aiven Console](https://console.aiven.io/) or
+ - [Aiven CLI client](/docs/tools/cli) installed
- You have the [super admin](/docs/platform/howto/make-super-admin) role in your Aiven
organization.
- You have Terraform installed.
-- You have required
- [IAM permissions](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#iam-permissions).
+- You have required [IAM permissions](#iam-permissions)
+
+
+- You have [enabled the BYOC feature](/docs/platform/howto/byoc/enable-byoc).
+- You have an active account with your cloud provider.
+- You have the [Aiven CLI client](/docs/tools/cli) installed.
+- You have the [super admin](/docs/platform/howto/make-super-admin) role in your Aiven
+ organization.
+- You have [Terraform](/docs/tools/terraform) installed.
+- You have required [IAM permissions](#iam-permissions).
+- You have your Aiven organization ID from:
+
+ - Output of the `avn organization list` command
+ - [Aiven Console](https://console.aiven.io/) >
+ \> .
+
+
+
+You have access to the [Aiven Console](https://console.aiven.io/) to
+[enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc).
+
+
### IAM permissions
You need cloud account credentials set up on your machine so that your user or role has
required Terraform permissions
-[to integrate with your cloud provider](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#create-a-custom-cloud).
+[to integrate with your cloud provider](/docs/platform/howto/byoc/create-custom-cloud#create-cloud).
+
+
Show permissions required for creating resources for bastion and workload networks
@@ -399,36 +485,66 @@ Show permissions required for creating resources for bastion and workload networ
```
+
+
+
+Show permissions needed by your service account that will run the Terraform script in your
+Google project
+
+- `roles/iam.serviceAccountAdmin` (sets up impersonation to the privilege-bearing service account)
+- `roles/resourcemanager.projectIamAdmin` (provides permissions to the privilege-bearing
+ service account to use your project)
+- `roles/compute.instanceAdmin.v1` (manages networks and instances)
+- `roles/compute.securityAdmin` (creates firewall rules)
+- Enable [Identity and Access Management (IAM) API](https://cloud.google.com/iam/docs/reference/rest)
+ to create the privilege-bearing service account
+- Enable
+ [Cloud Resource Manager (CRM) API](https://cloud.google.com/resource-manager/reference/rest)
+ to set IAM policies to the privilege-bearing service account
+- Enable
+ [Compute Engine API](https://console.cloud.google.com/marketplace/product/google/compute.googleapis.com).
+
+For more information on Google Cloud roles, see
+[IAM basic and predefined roles reference](https://cloud.google.com/iam/docs/understanding-roles)
+in the Goodle Cloud documentation.
+
+
+The Aiven team will talk to you to determine required permissions.
+
+
-## Create a custom cloud
+## Create a custom cloud {#create-cloud}
-Create a custom cloud either in the Aiven Console or with the Aiven CLI.
+How you create a custom cloud in Aiven depends on what cloud provider you use.
-
+
#### Launch the BYOC setup
-1. Log in to the [Aiven Console](https://console.aiven.io/), and go to an organization.
+1. Log in to the [Aiven Console](https://console.aiven.io/), and go to a organization.
1. Click **Admin** in the top navigation, and click
in the sidebar.
1. In the **Bring your own cloud** view, select **Create custom cloud**.
-#### Generate an infrastructure template
+#### Generate an infrastructure template {#generate-infra-template}
In this step, an IaC template is generated in the Terraform format. In
-[the next step](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#deploy-the-template),
+[the next step](/docs/platform/howto/byoc/create-custom-cloud#deploy-template),
you'll deploy this template in your AWS account to acquire Role ARN
(Amazon Resource Name), which Aiven needs for accessing your AWS
account.
In the **Create custom cloud** wizard:
-1. Specify cloud setup details:
+1. Specify the following:
- Custom cloud name
+
- Cloud provider
+
- Region
+
- CIDR
The **CIDR** block defines the IP address range of the VPC that
@@ -464,39 +580,24 @@ In the **Create custom cloud** wizard:
cannot change the BYOC VPC CIDR block after your custom
cloud is created.
- - [Deployment model](/docs/platform/concepts/byoc#byoc-architecture)
-
- Choose between:
- - Private model, which routes traffic through a proxy for additional security
- utilizing a bastion host logically separated from the Aiven services.
- - Public model, which allows the Aiven control plane to connect to the service
- nodes via the public internet.
-
- - [Infrastructure tags](/docs/platform/howto/byoc/tag-custom-cloud-resources)
+ - Deployment model: Choose between
+ [the private architecture and the public architecture](/docs/platform/concepts/byoc).
-
-
-1. Click **Next**.
+1. Select **Next**.
Your IaC Terraform template gets generated based on your inputs. You can
view, copy, or download it. Now, you can use the template to
-[acquire Role ARN](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#deploy-the-template).
+[acquire Role ARN](/docs/platform/howto/byoc/create-custom-cloud#deploy-template).
-#### Deploy the template
+#### Deploy the template{#deploy-template}
Role ARN is an [identifier of the
role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
@@ -506,11 +607,10 @@ role](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
and run operations such as creating VMs for service nodes in your BYOC
account.
-Use the
-[generated Terraform template](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#generate-an-infrastructure-template)
-to create your Role ARN by deploying the template in your AWS account.
-
-Continue working in the **Create custom cloud** wizard:
+Use the Terraform template generated in step
+[Generate an infrastructure template](/docs/platform/howto/byoc/create-custom-cloud#generate-infra-template)
+to create your Role ARN by deploying the template in your
+AWS account. Continue working in the **Create custom cloud** wizard:
1. Copy or download the template and the variables file from the
**Create custom cloud** wizard.
@@ -537,13 +637,13 @@ Continue working in the **Create custom cloud** wizard:
as an option.
:::
-1. Find a role identifier (Role ARN) in the output script after
+1. Find the role identifier (Role ARN) in the output script after
running the template.
1. Enter Role ARN into the **Role ARN** field in the **Create custom
cloud** wizard.
-1. Click **Next** to proceed or park your cloud setup and save
+1. Select **Next** to proceed or park your cloud setup and save
your current configuration as a draft by selecting **Save draft**.
You can resume creating your cloud later.
@@ -561,14 +661,24 @@ Your cloud can be available in:
- Selected organizational units
- Specific projects only
-To set up your cloud's availability in the **Create custom cloud** wizard >
-the **Assign BYOC to projects** section, select one of the two following options:
+Continue working in the **Create custom cloud** wizard:
+
+1. In the **Custom cloud's availability in your organization**
+ section, select either:
+
+ - **By default for all projects** to make your custom cloud
+ available in all existing and future projects in the
+ organization
+
+ or
-- **By default for all projects** to make your custom cloud
- available in all existing and future projects in the
- organization
-- **By selection** to pick specific projects or organizational
- units where you want your custom cloud to be available.
+ - **By selection** to pick specific projects or organizational
+ units where you want your custom cloud to be available.
+
+1. If you go for the **By selection** option, menus **Assign organizational units** and
+ **Assign projects** show up. Use them to
+ select organizational units and/or projects in which to use your custom
+ cloud.
:::note
By selecting an organizational unit, you make your custom cloud
@@ -577,20 +687,19 @@ available from all the projects in this unit.
#### Add customer contacts
-Select at least one person whom Aiven can contact in case of any technical
-issues with your custom cloud.
+Select at least one person whom Aiven can contact in case any technical
+issues with your custom cloud need fixing.
:::note
**Admin** is a mandatory role, which is required as a primary support contact.
:::
-In the **Create custom cloud** wizard > the **Customer contacts** section:
-
-1. Select a contact person's role using the **Job title** menu, and provide their email
+1. In the **Customer contacts** section, select a contact person's
+ role using the **Job title** menu, and provide their email
address in the **Email** field.
1. Use **+ Add another contact** to add as many customer contacts as
needed for your custom cloud.
-1. Click **Save and validate**.
+1. Select **Create**.
The custom cloud process has been initiated for you, which is
communicated in the the **Create custom cloud** wizard as **Creating
@@ -598,7 +707,7 @@ your custom cloud**.
#### Complete the cloud setup
-Select **Done** to close the **Create custom cloud** wizard.
+Select **Close** to close the **Create custom cloud** wizard.
The deployment of your new custom cloud might take a few minutes. As
soon as it's over, and your custom cloud is ready to use, you'll be
@@ -609,18 +718,16 @@ cloud** view.
Your new custom cloud is ready to use only after its status changes to
**Active**.
:::
-
-
-1. Generate an infrastructure template by running
- [avn byoc create](/docs/tools/cli/byoc#avn-byoc-create).
+
+1. Generate an IaC template by running [avn byoc create](/docs/tools/cli/byoc#avn-byoc-create).
```bash
avn byoc create \
--organization-id "ORGANIZATION_ID" \
--deployment-model "DEPLOYMENT_MODEL_NAME" \
- --cloud-provider "aws" \
+ --cloud-provider "google" \
--cloud-region "CLOUD_REGION_NAME" \
--reserved-cidr "CIDR_BLOCK" \
--display-name "CUSTOM_CLOUD_DISPLAY_NAME"
@@ -631,19 +738,19 @@ Your new custom cloud is ready to use only after its status changes to
- `ORGANIZATION_ID` with the ID of your Aiven organization to
connect with your own cloud account to create the custom cloud,
for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites).
- - `DEPLOYMENT_MODEL_NAME` with the type of [network architecture](/docs/platform/concepts/byoc#byoc-architecture)
+ [from the Aiven Console or CLI](#byoc-prerequisites).
+ - `DEPLOYMENT_MODEL_NAME` with the type of [network architecture](/docs/platform/concepts/byoc#byoc-deployment)
your custom cloud uses:
- `standard_public` (public) model: The nodes have public IPs and can be configured
to be publicly accessible for authenticated users. The Aiven control plane can
connect to the service nodes via the public internet.
- `standard` (private) model: The nodes reside in a VPC without public IP addresses
and are by default not accessible from outside. Traffic is routed through a proxy
- for additional security utilizing a bastion host logically separated from the
+ for additional security utilizing a bastion host physically separated from the
Aiven services.
- - `CLOUD_REGION_NAME` with the name of an AWS cloud region where to create your custom cloud,
+ - `CLOUD_REGION_NAME` with the name of a Google region where to create your custom cloud,
for example `europe-north1`. See all available options in
- [AWS cloud regions](/docs/platform/reference/list_of_clouds#amazon-web-services).
+ [Google Cloud regions](/docs/platform/reference/list_of_clouds#google-cloud).
- `CIDR_BLOCK` with a CIDR block defining the IP address range of the VPC that Aiven
creates in your own cloud account, for example: `10.0.0.0/16`, `172.31.0.0/16`, or
`192.168.0.0/20`.
@@ -657,7 +764,7 @@ Your new custom cloud is ready to use only after its status changes to
```json
{
"custom_cloud_environment": {
- "cloud_provider": "aws",
+ "cloud_provider": "google",
"cloud_region": "europe-north1",
"contact_emails": [
{
@@ -668,7 +775,7 @@ Your new custom cloud is ready to use only after its status changes to
],
"custom_cloud_environment_id": "018b6442-c602-42bc-b63d-438026133f60",
"deployment_model": "standard",
- "display_name": "My BYOC Cloud on AWS",
+ "display_name": "My BYOC Cloud on Google",
"errors": [],
"reserved_cidr": "10.0.0.0/16",
"state": "draft",
@@ -697,7 +804,7 @@ Your new custom cloud is ready to use only after its status changes to
- `ORGANIZATION_ID` with the ID of your Aiven organization to
connect with your own cloud account to create the custom cloud,
for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites).
+ [from the Aiven Console or CLI](#byoc-prerequisites).
- `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
command, for example `018b6442-c602-42bc-b63d-438026133f60`.
@@ -715,7 +822,7 @@ Your new custom cloud is ready to use only after its status changes to
- `ORGANIZATION_ID` with the ID of your Aiven organization to
connect with your own cloud account to create the custom cloud,
for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites).
+ [from the Aiven Console or CLI](#byoc-prerequisites).
- `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
command, for example `018b6442-c602-42bc-b63d-438026133f60`.
@@ -726,7 +833,7 @@ Your new custom cloud is ready to use only after its status changes to
To connect to a custom-cloud service from different security groups
(other than the one dedicated for the custom cloud) or from IP
address ranges, add specific ingress rules before you apply a
- Terraform infrastructure template in your AWS cloud account in the process
+ Terraform infrastructure template in your GCP account in the process
of creating a custom cloud resources.
Before adding ingress rules, see the examples provided in the
@@ -735,23 +842,24 @@ Your new custom cloud is ready to use only after its status changes to
:::
1. Use Terraform to deploy the infrastructure template with the provided variables in
- your AWS cloud account. This will generate a Role ARN.
+ your GCP account. This will generate a privilege-bearing service account (SA).
:::important
When running `terraform plan` and `terraform apply`, add `-var-file=FILE_NAME.vars`
as an option.
:::
- 1. Find `aws-iam-role-arn` in the output script after running the template.
+ 1. Find `privilege_bearing_service_account_id` in the output script after running
+ the template.
1. Provision resources by running [avn byoc provision](/docs/tools/cli/byoc#avn-byoc-provision)
- and passing the generated `aws-iam-role-arn` as an option.
+ and passing the generated `google-privilege-bearing-service-account-id` as an option.
```bash
avn byoc provision \
--organization-id "ORGANIZATION_ID" \
--byoc-id "CUSTOM_CLOUD_ID" \
- --aws-iam-role-arn "GENERATED_ROLE_ARN"
+ --google-privilege-bearing-service-account-id "GENERATED_SERVICE_ACCOUNT_ID"
```
Replace the following:
@@ -759,13 +867,15 @@ Your new custom cloud is ready to use only after its status changes to
- `ORGANIZATION_ID` with the ID of your Aiven organization to
connect with your own cloud account to create the custom cloud,
for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites).
+ [from the Aiven Console or CLI](#byoc-prerequisites).
- `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
command, for example `018b6442-c602-42bc-b63d-438026133f60`.
- - `GENERATED_ROLE_ARN` with the identifier of the role created when running the
- infrastructure template in your AWS cloud account.
- You can extract `GENERATED_ROLE_ARN` from the output of the `terraform apply`
+ - `GENERATED_SERVICE_ACCOUNT_ID` with the identifier of the service account
+ created when running the infrastructure template in your Google Cloud account,
+ for example
+ `projects/your-project/serviceAccounts/cce-cce0123456789a@your-project.iam.gserviceaccount.com`.
+ You can extract `GENERATED_SERVICE_ACCOUNT_ID` from the output of the `terraform apply`
command or `terraform output` command.
1. Enable your custom cloud in organizations, projects, or units by running
@@ -783,7 +893,7 @@ Your new custom cloud is ready to use only after its status changes to
- `ORGANIZATION_ID` with the ID of your Aiven organization to
connect with your own cloud account to create the custom cloud,
for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites).
+ [from the Aiven Console or CLI](#byoc-prerequisites).
- `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
command, for example `018b6442-c602-42bc-b63d-438026133f60`.
@@ -816,17 +926,76 @@ Your new custom cloud is ready to use only after its status changes to
- `ORGANIZATION_ID` with the ID of your Aiven organization to
connect with your own cloud account to create the custom cloud,
for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud#prerequisites).
+ [from the Aiven Console or CLI](#byoc-prerequisites).
- `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
command, for example `018b6442-c602-42bc-b63d-438026133f60`.
+
+
+To integrate with the Azure or OCI cloud providers, you'll have your custom cloud created
+by the Aiven team. [Enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc) and
+follow up with the Aiven team from there.
+## Check your cloud's status
+
+1. Log in to [Aiven Console](https://console.aiven.io/) as an
+ administrator, and go to an organization.
+1. From the top navigation bar, select **Admin**.
+1. From the left sidebar, select .
+1. In the **Bring your own cloud** view, identify your new cloud on the
+ list of available clouds and check its status in the **Status**
+ column.
+
+When your custom cloud's status is **Active**, its deployment has been completed. Your
+custom cloud is ready to use and you can see it on the list of your custom clouds in the
+**Bring your own cloud** view. Now you can create new services in the custom cloud or
+migrate your existing services to the custom cloud if your service and networking
+configuration allows it. For more information on migrating your existing services to the
+custom cloud, contact your account team.
+
+## Manage services in custom clouds
+
+### Create a service in the custom cloud
+
+
+
+To create a service in the [Aiven Console](https://console.aiven.io/) in your new
+custom cloud, follow the guidelines in
+[Create a service](/docs/platform/howto/create_new_service).
+
+When creating a service in the [Aiven Console](https://console.aiven.io/), at the
+**Select service region** step, select **Custom clouds** from the available regions.
+
+
+To create a service hosted in your new custom cloud, run
+[avn service create](/docs/tools/cli/service-cli#avn-cli-service-create) passing your new
+custom cloud name as an option:
+
+ ```bash
+ avn service create \
+ --project "PROJECT_NAME" \
+ --service-type "TYPE_OF_BYOC_SERVICE" \
+ --plan "PLAN_OF_BYOC_SERVICE" \
+ --cloud "CUSTOM_CLOUD_NAME" \
+ "NEW_BYOC_SERVICE_NAME"
+ ```
+
+
+
+
+### Migrate existing services to the custom cloud
+
+Whether you can migrate existing services to the custom cloud depends on your service and
+networking configuration. Contact your account team for more information.
+
## Related pages
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
-- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc)
+- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
diff --git a/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud.md b/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud.md
deleted file mode 100644
index a4155d38..00000000
--- a/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Create a custom cloud
-sidebar_label: Create custom clouds
-keywords: [AWS, Amazon Web Services, GCP, Google Cloud Platform, byoc, bring your own cloud, custom cloud]
----
-
-import DocCardList from '@theme/DocCardList';
-import ConsoleLabel from "@site/src/components/ConsoleIcons";
-import Card from "@site/src/components/AivenCard";
-import GridContainer from "@site/src/components/GridContainer";
-import Cassandra from "@site/static/images/logos/cassandra.svg";
-
-To create custom clouds in Aiven using self-service, select your cloud provider to integrate with.
-
-
-
-
-
-
-#### Limitations
-
-- You need at least the Advanced tier of Aiven support services to be
- eligible for activating BYOC.
-
- :::tip
- See [Aiven support tiers](https://aiven.io/support-services) and
- [Aiven responsibility matrix](https://aiven.io/responsibility-matrix) for BYOC.
- Contact your account team to learn more or upgrade your support tier.
- :::
-
-- Only [super admins](/docs/platform/howto/make-super-admin) can create custom clouds.
-
-#### Related pages
-
-- [About bring your own cloud](/docs/platform/concepts/byoc)
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
diff --git a/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud.md b/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud.md
deleted file mode 100644
index 19705428..00000000
--- a/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud.md
+++ /dev/null
@@ -1,500 +0,0 @@
----
-title: Create a Google-integrated custom cloud
-sidebar_label: Google Cloud
-keywords: [Google Cloud, GCP, Google Cloud Platform, byoc, bring your own cloud, custom cloud]
----
-
-import ConsoleLabel from "@site/src/components/ConsoleIcons";
-import Tabs from '@theme/Tabs';
-import TabItem from '@theme/TabItem';
-
-Create a [custom cloud](/docs/platform/concepts/byoc) for BYOC in your Aiven organization to better address your specific business needs or project requirements.
-
-To configure a custom cloud in your Aiven organization and prepare your Google Cloud
-account so that Aiven can access it:
-
-1. In the Aiven Console or with the Aiven CLI client, you specify new cloud details to
- generate a Terraform infrastructure-as-code template.
-1. You download the generated template and deploy it in your Google Cloud account to acquire
- a privilege-bearing service account, which Aiven needs for accessing your Google
- Cloud account only with permissions that are required.
-
- :::note
- Privilege-bearing service account is an
- [identifier](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account#id)
- of the [service account](https://cloud.google.com/iam/docs/service-account-types#user-managed)
- created when running the infrastructure template in your Google Cloud account. Aiven
- [impersonates this service account](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct)
- and runs operations, such as creating VMs for service nodes, in your BYOC account.
- :::
-
-1. You deploy your custom cloud resources supplying the generated privilege-bearing service
- account to the Aiven platform, which gives Aiven the permissions
- to securely access your Google Cloud account, create resources, and manage them onward.
-1. You select projects that can use your new custom clouds for creating services.
-1. You add contact details for individuals from your organization that Aiven can reach out
- to in case of technical issues with the new cloud.
-
-## Before you start
-
-### Prerequisites
-
-- You have [enabled the BYOC feature](/docs/platform/howto/byoc/enable-byoc).
-- You have an active account with your cloud provider.
-- Depending on the tool to use for creating a custom cloud:
- - Console: Access to the [Aiven Console](https://console.aiven.io/) or
- - CLI:
- - [Aiven CLI client](/docs/tools/cli) installed
- - Aiven organization ID from the output of the `avn organization list` command or
- from the [Aiven Console](https://console.aiven.io/) >
- \> .
-- You have the [super admin](/docs/platform/howto/make-super-admin) role in your Aiven
- organization.
-- You have Terraform installed.
-- You have required
- [IAM permissions](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#iam-permissions).
-
-### IAM permissions
-
-You need cloud account credentials set up on your machine so that your user or role has
-required Terraform permissions
-[to integrate with your cloud provider](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#create-a-custom-cloud).
-
-
-Show permissions needed by your service account that will run the Terraform script in your
-Google project
-
-- `roles/iam.serviceAccountAdmin` (sets up impersonation to the privilege-bearing service account)
-- `roles/resourcemanager.projectIamAdmin` (provides permissions to the privilege-bearing
- service account to use your project)
-- `roles/compute.instanceAdmin.v1` (manages networks and instances)
-- `roles/compute.securityAdmin` (creates firewall rules)
-- Enable [Identity and Access Management (IAM) API](https://cloud.google.com/iam/docs/reference/rest)
- to create the privilege-bearing service account
-- Enable
- [Cloud Resource Manager (CRM) API](https://cloud.google.com/resource-manager/reference/rest)
- to set IAM policies to the privilege-bearing service account
-- Enable
- [Compute Engine API](https://console.cloud.google.com/marketplace/product/google/compute.googleapis.com).
-
-For more information on Google Cloud roles, see
-[IAM basic and predefined roles reference](https://cloud.google.com/iam/docs/understanding-roles)
-in the Goodle Cloud documentation.
-
-## Create a custom cloud
-
-Create a custom cloud either in the Aiven Console or with the Aiven CLI.
-
-
-
-
-#### Launch the BYOC setup
-
-1. Log in to the [Aiven Console](https://console.aiven.io/), and go to an organization.
-1. Click **Admin** in the top navigation, and click
- in the sidebar.
-1. In the **Bring your own cloud** view, select **Create custom cloud**.
-
-#### Generate an infrastructure template
-
-In this step, an IaC template is generated in the Terraform format. In
-[the next step](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#deploy-the-template),
-you'll deploy this template in your Google Cloud account to acquire a privilege-bearing
-service account (SA), which Aiven needs for accessing your Google Cloud account.
-
-In the **Create custom cloud** wizard:
-
-1. Specify cloud setup details:
-
- - Custom cloud name
- - Cloud provider
- - Region
- - CIDR
-
- The **CIDR** block defines the IP address range of the VPC that
- Aiven creates in your own cloud account. Any Aiven service created in
- the custom cloud will be placed in the VPC and will get an IP
- address within this address range.
-
- In the **CIDR** field, specify an IP address range for the BYOC
- VPC using a CIDR block notation, for example: `10.0.0.0/16`,
- `172.31.0.0/16`, or `192.168.0.0/20`.
-
- Make sure that an IP address range you use meets the following
- requirements:
-
- - IP address range is within the private IP address ranges
- allowed in [RFC
- 1918](https://datatracker.ietf.org/doc/html/rfc1918).
-
- - CIDR block size is between `/16` (65536 IP addresses) and
- `/24` (256 IP addresses).
-
- - CIDR block is large enough to host the desired number of
- services after splitting it into per-availability-zone
- subnets.
-
- For example, the smallest `/24` CIDR block might be enough
- for a few services but can pose challenges during node
- replacements or maintenance upgrades if running low on
- available free IP addresses.
-
- - CIDR block of your BYOC VCP doesn't overlap with the CIDR
- blocks of VPCs you plan to peer your BYOC VPC with. You
- cannot change the BYOC VPC CIDR block after your custom
- cloud is created.
-
- - [Deployment model](/docs/platform/concepts/byoc#byoc-architecture)
-
- Choose between:
- - Private model, which routes traffic through a proxy for additional security
- utilizing a bastion host logically separated from the Aiven services.
- - Public model, which allows the Aiven control plane to connect to the service
- nodes via the public internet.
-
- - [Infrastructure tags](/docs/platform/howto/byoc/tag-custom-cloud-resources)
-
-
-
-1. Click **Next**.
-
-Your infrastructure Terraform template gets generated based on your inputs. You can
-view, copy, or download it. Now, you can use the template to acquire a privilege-bearing
-service account.
-
-#### Deploy the template
-
-Use the
-[generated Terraform template](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#generate-an-infrastructure-template)
-to create a privilege-bearing service account by deploying the template in your Google
-Cloud account.
-
-Continue working in the **Create custom cloud** wizard:
-
-1. Copy or download the template and the variables file from the
- **Create custom cloud** wizard.
-
-1. Optionally, modify the template as needed.
-
- :::note
- To connect to a custom-cloud service from different security groups
- (other than the one dedicated for the custom cloud) or from IP
- address ranges, add specific ingress rules before you apply a
- Terraform infrastructure template in your Google Cloud account in the process
- of creating a custom cloud resources.
-
- Before adding ingress rules, see the examples provided in the
- Terraform template you generated and downloaded from [Aiven
- Console](https://console.aiven.io/).
- :::
-
-1. Use Terraform to deploy the infrastructure template in your Google Cloud account with
- the provided variables.
-
- :::important
- When running `terraform plan` and `terraform apply`, add `-var-file=FILE_NAME.vars`
- as an option.
- :::
-
-1. Find a privilege-bearing service account in the output script after
- running the template.
-
-1. Supply the privilege-bearing service account into the **Create custom cloud** wizard.
-
-1. Click **Next** to proceed or park your cloud setup and save
- your current configuration as a draft by selecting **Save draft**.
- You can resume creating your cloud later.
-
-#### Set up your custom cloud's availability
-
-Select in what projects you'll be able to use your new custom cloud as a hosting cloud for
-services. In the projects where you enable your custom cloud, you can create new
-services in the custom cloud or migrate your existing services to the custom cloud if your
-service and networking configuration allows it. For more information on migrating your
-existing services to the custom cloud, contact your account team.
-
-Your cloud can be available in:
-
-- All the projects in your organization
-- Selected organizational units
-- Specific projects only
-
-To set up your cloud's availability in the **Create custom cloud** wizard >
-the **Assign BYOC to projects** section, select one of the two following options:
-
-- **By default for all projects** to make your custom cloud
- available in all existing and future projects in the
- organization
-- **By selection** to pick specific projects or organizational
- units where you want your custom cloud to be available.
-
-:::note
-By selecting an organizational unit, you make your custom cloud
-available from all the projects in this unit.
-:::
-
-#### Add customer contacts
-
-Select at least one person whom Aiven can contact in case of any technical
-issues with your custom cloud.
-
-:::note
-**Admin** is a mandatory role, which is required as a primary support contact.
-:::
-
-In the **Create custom cloud** wizard > the **Customer contacts** section:
-
-1. Select a contact person's role using the **Job title** menu, and provide their email
- address in the **Email** field.
-1. Use **+ Add another contact** to add as many customer contacts as
- needed for your custom cloud.
-1. Click **Save and validate**.
-
-The custom cloud process has been initiated for you, which is
-communicated in the the **Create custom cloud** wizard as **Creating
-your custom cloud**.
-
-#### Complete the cloud setup
-
-Select **Done** to close the **Create custom cloud** wizard.
-
-The deployment of your new custom cloud might take a few minutes. As
-soon as it's over, and your custom cloud is ready to use, you'll be
-able to see it on the list of your custom clouds in the **Bring your own
-cloud** view.
-
-:::note
-Your new custom cloud is ready to use only after its status changes to
-**Active**.
-:::
-
-
-
-
-1. Generate an IaC template by running [avn byoc create](/docs/tools/cli/byoc#avn-byoc-create).
-
- ```bash
- avn byoc create \
- --organization-id "ORGANIZATION_ID" \
- --deployment-model "DEPLOYMENT_MODEL_NAME" \
- --cloud-provider "google" \
- --cloud-region "CLOUD_REGION_NAME" \
- --reserved-cidr "CIDR_BLOCK" \
- --display-name "CUSTOM_CLOUD_DISPLAY_NAME"
- ```
-
- Replace the following:
-
- - `ORGANIZATION_ID` with the ID of your Aiven organization to
- connect with your own cloud account to create the custom cloud,
- for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites).
- - `DEPLOYMENT_MODEL_NAME` with the type of [network architecture](/docs/platform/concepts/byoc#byoc-architecture)
- your custom cloud uses:
- - `standard_public` (public) model: The nodes have public IPs and can be configured
- to be publicly accessible for authenticated users. The Aiven control plane can
- connect to the service nodes via the public internet.
- - `standard` (private) model: The nodes reside in a VPC without public IP addresses
- and are by default not accessible from outside. Traffic is routed through a proxy
- for additional security utilizing a bastion host logically separated from the
- Aiven services.
- - `CLOUD_REGION_NAME` with the name of a Google region where to create your custom cloud,
- for example `europe-north1`. See all available options in
- [Google Cloud regions](/docs/platform/reference/list_of_clouds#google-cloud).
- - `CIDR_BLOCK` with a CIDR block defining the IP address range of the VPC that Aiven
- creates in your own cloud account, for example: `10.0.0.0/16`, `172.31.0.0/16`, or
- `192.168.0.0/20`.
- - `CUSTOM_CLOUD_DISPLAY_NAME` with the name of your custom cloud, which you can set
- arbitrarily.
-
-
- Show sample output
-
-
- ```json
- {
- "custom_cloud_environment": {
- "cloud_provider": "google",
- "cloud_region": "europe-north1",
- "contact_emails": [
- {
- "email": "firstname.secondname@domain.com",
- "real_name": "Test User",
- "role": "Admin"
- }
- ],
- "custom_cloud_environment_id": "018b6442-c602-42bc-b63d-438026133f60",
- "deployment_model": "standard",
- "display_name": "My BYOC Cloud on Google",
- "errors": [],
- "reserved_cidr": "10.0.0.0/16",
- "state": "draft",
- "tags": {},
- "update_time": "2024-05-07T14:24:18Z"
- }
- }
- ```
-
-
-
-1. Deploy the IaC template.
-
- 1. Download the template and the variable file:
-
- - [avn byoc template terraform get-template](/docs/tools/cli/byoc#avn-byoc-template-terraform-get-template)
-
- ```bash
- avn byoc template terraform get-template \
- --organization-id "ORGANIZATION_ID" \
- --byoc-id "CUSTOM_CLOUD_ID" >| "tf_dir/tf_file.tf"
- ```
-
- Replace the following:
-
- - `ORGANIZATION_ID` with the ID of your Aiven organization to
- connect with your own cloud account to create the custom cloud,
- for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites).
- - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
- extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
- command, for example `018b6442-c602-42bc-b63d-438026133f60`.
-
- - [avn byoc template terraform get-vars](/docs/tools/cli/byoc#avn-byoc-template-terraform-get-vars)
-
- ```bash
- avn byoc template terraform get-vars \
- --organization-id "ORGANIZATION_ID" \
- --byoc-id "CUSTOM_CLOUD_ID" >| "tf_dir/tf_file.vars"
- ```
-
- Replace the following:
-
- - `ORGANIZATION_ID` with the ID of your Aiven organization to
- connect with your own cloud account to create the custom cloud,
- for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites).
- - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
- extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
- command, for example `018b6442-c602-42bc-b63d-438026133f60`.
-
- 1. Optionally, modify the template as needed.
-
- :::note
- To connect to a custom-cloud service from different security groups
- (other than the one dedicated for the custom cloud) or from IP
- address ranges, add specific ingress rules before you apply a
- Terraform infrastructure template in your Google Cloud account in the process
- of creating a custom cloud resources.
-
- Before adding ingress rules, see the examples provided in the
- Terraform template you generated and downloaded from the [Aiven
- Console](https://console.aiven.io/).
- :::
-
- 1. Use Terraform to deploy the infrastructure template with the provided variables in
- your Google Cloud account. This will generate a privilege-bearing service account (SA).
-
- :::important
- When running `terraform plan` and `terraform apply`, add `-var-file=FILE_NAME.vars`
- as an option.
- :::
-
- 1. Find `privilege_bearing_service_account_id` in the output script after running
- the template.
-
-1. Provision resources by running [avn byoc provision](/docs/tools/cli/byoc#avn-byoc-provision)
- and passing the generated `google-privilege-bearing-service-account-id` as an option.
-
- ```bash
- avn byoc provision \
- --organization-id "ORGANIZATION_ID" \
- --byoc-id "CUSTOM_CLOUD_ID" \
- --google-privilege-bearing-service-account-id "GENERATED_SERVICE_ACCOUNT_ID"
- ```
-
- Replace the following:
-
- - `ORGANIZATION_ID` with the ID of your Aiven organization to
- connect with your own cloud account to create the custom cloud,
- for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites).
- - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
- extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
- command, for example `018b6442-c602-42bc-b63d-438026133f60`.
- - `GENERATED_SERVICE_ACCOUNT_ID` with the identifier of the service account
- created when running the infrastructure template in your Google Cloud account,
- for example
- `projects/your-project/serviceAccounts/cce-cce0123456789a@your-project.iam.gserviceaccount.com`.
- You can extract `GENERATED_SERVICE_ACCOUNT_ID` from the output of the `terraform apply`
- command or `terraform output` command.
-
-1. Enable your custom cloud in organizations, projects, or units by running
- [avn byoc cloud permissions add](/docs/tools/cli/byoc#avn-byoc-cloud-permissions-add).
-
- ```bash
- avn byoc cloud permissions add \
- --organization-id "ORGANIZATION_ID" \
- --byoc-id "CUSTOM_CLOUD_ID" \
- --account "ACCOUNT_ID"
- ```
-
- Replace the following:
-
- - `ORGANIZATION_ID` with the ID of your Aiven organization to
- connect with your own cloud account to create the custom cloud,
- for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites).
- - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
- extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
- command, for example `018b6442-c602-42bc-b63d-438026133f60`.
- - `ACCOUNT_ID` with the identifier of your account (organizational unit) in Aiven,
- for example `a484338c34d7`. You can extract `ACCOUNT_ID` from the output of
- the `avn organization list` command.
-
-1. Add customer contacts for the new cloud by running
- [avn byoc update](/docs/tools/cli/byoc#avn-byoc-update).
-
- ```bash
- avn byoc update \
- --organization-id "ORGANIZATION_ID" \
- --byoc-id "CUSTOM_CLOUD_ID" \
- '
- {
- "contact_emails": [
- {
- "email": "EMAIL_ADDRESS",
- "real_name": "John Doe",
- "role": "Admin"
- }
- ]
- }
- '
- ```
-
- Replace the following:
-
- - `ORGANIZATION_ID` with the ID of your Aiven organization to
- connect with your own cloud account to create the custom cloud,
- for example `org123a456b789`. Get your `ORGANIZATION_ID`
- [from the Aiven Console or CLI](/docs/platform/howto/byoc/create-custom-cloud/create-google-custom-cloud#prerequisites).
- - `CUSTOM_CLOUD_ID` with the identifier of your custom cloud, which you can
- extract from the output of the [avn byoc list](/docs/tools/cli/byoc#avn-byoc-list)
- command, for example `018b6442-c602-42bc-b63d-438026133f60`.
-
-
-
-
-## Related pages
-
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
-- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service)
diff --git a/docs/platform/howto/byoc/delete-custom-cloud.md b/docs/platform/howto/byoc/delete-custom-cloud.md
index 1056c382..b035f71f 100644
--- a/docs/platform/howto/byoc/delete-custom-cloud.md
+++ b/docs/platform/howto/byoc/delete-custom-cloud.md
@@ -88,6 +88,9 @@ When running `terraform destroy`, add `-var-file=FILE_NAME.vars` as an option.
## Related pages
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc)
+- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
+- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
diff --git a/docs/platform/howto/byoc/download-infrastructure-template.md b/docs/platform/howto/byoc/download-infrastructure-template.md
index e36aa7b1..a9539018 100644
--- a/docs/platform/howto/byoc/download-infrastructure-template.md
+++ b/docs/platform/howto/byoc/download-infrastructure-template.md
@@ -84,6 +84,10 @@ avn byoc template terraform get-vars \
## Related pages
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
+- [Bring your own cloud](/docs/platform/concepts/byoc)
+- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc)
+- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
+- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Rename a custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
+- [Delete a custom cloud](/docs/platform/howto/byoc/delete-custom-cloud)
diff --git a/docs/platform/howto/byoc/enable-byoc.md b/docs/platform/howto/byoc/enable-byoc.md
index 78c04ccf..f5795ec4 100644
--- a/docs/platform/howto/byoc/enable-byoc.md
+++ b/docs/platform/howto/byoc/enable-byoc.md
@@ -7,10 +7,6 @@ import ConsoleLabel from "@site/src/components/ConsoleIcons";
Enabling [the bring your own cloud (BYOC) feature](/docs/platform/concepts/byoc) allows you to [create custom clouds](/docs/platform/howto/byoc/create-custom-cloud) in your Aiven organization.
-To enable [BYOC](/docs/platform/concepts/byoc), open the
-[Aiven Console](https://console.aiven.io/) and
-[set up a call with the Aiven sales team](/docs/platform/howto/byoc/enable-byoc#enable-byoc).
-
:::note
Enabling [the BYOC feature](/docs/platform/concepts/byoc) or creating custom
clouds in your Aiven environment does not affect the configuration of your
@@ -18,9 +14,16 @@ existing Aiven organizations, projects, or services. It only allows you to run A
services in your cloud provider account.
:::
+To be able to create custom clouds on the Aiven platform, first you need
+to enable the BYOC feature. The [Aiven Console](https://console.aiven.io/)
+offers a quick and easy way to set up a short call with the Aiven sales
+team to identify your use cases and confirm the requirements. In the
+call, we make sure BYOC can address them, and we check your environment
+eligibility for the feature.
+
:::important
Before enabling BYOC, check
-[who is eligible for BYOC](/docs/platform/concepts/byoc#who-is-eligible-for-byoc) and review
+[who is eligible for BYOC](/docs/platform/concepts/byoc#eligible-for-byoc) and review
[feature limitations](/docs/platform/howto/byoc/enable-byoc#byoc-enable-limitations) and
[prerequisites](/docs/platform/howto/byoc/enable-byoc#byoc-enable-prerequisites).
:::
@@ -68,11 +71,17 @@ You must be a [super admin](/docs/platform/howto/make-super-admin) to enable thi
## Next steps
-With BYOC activated in your Aiven organization, you can
-[create and use custom clouds](/docs/platform/howto/byoc/create-custom-cloud).
+With BYOC activated in your Aiven organization, you can create and use custom
+clouds:
+
+- [By yourself if using AWS or GCP](/docs/platform/howto/byoc/create-custom-cloud#create-cloud).
+- By contacting the Aiven team if using Azure or OCI.
## Related pages
-- [About bring your own cloud](/docs/platform/concepts/byoc)
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Create a custom cloud](/docs/platform/howto/byoc/create-custom-cloud)
+- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
diff --git a/docs/platform/howto/byoc/manage-byoc-service.md b/docs/platform/howto/byoc/manage-byoc-service.md
deleted file mode 100644
index 078fcd22..00000000
--- a/docs/platform/howto/byoc/manage-byoc-service.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Manage services hosted in custom clouds
-sidebar_label: Manage BYOC services
----
-
-import ConsoleLabel from "@site/src/components/ConsoleIcons";
-import Tabs from '@theme/Tabs';
-import TabItem from '@theme/TabItem';
-
-Create a service in your custom cloud or migrate an existing service to your custom cloud.
-
-## Create a service in a custom cloud
-
-
-
-To create a service in the [Aiven Console](https://console.aiven.io/) in your new
-custom cloud, follow the guidelines in
-[Create a service](/docs/platform/howto/create_new_service).
-
-When creating a service in the [Aiven Console](https://console.aiven.io/), at the
-**Select service region** step, select **Custom clouds** from the available regions.
-
-
-To create a service hosted in your new custom cloud, run
-[avn service create](/docs/tools/cli/service-cli#avn-cli-service-create) passing your new
-custom cloud name as an option:
-
-```bash
-avn service create \
- --project "PROJECT_NAME" \
- --service-type "TYPE_OF_BYOC_SERVICE" \
- --plan "PLAN_OF_BYOC_SERVICE" \
- --cloud "CUSTOM_CLOUD_NAME" \
- "NEW_BYOC_SERVICE_NAME"
-```
-
-
-
-
-## Migrate an existing service to a custom cloud
-
-You can migrate a non-BYOC Aiven-managed service to your custom cloud. How you do that
-depends on the [deployment mode](/docs/platform/concepts/byoc#byoc-architecture) of
-your custom cloud: public or private.
-
-### Migrate to public BYOC
-
-To migrate a service to a custom cloud in the public deployment model,
-[change a cloud provider and a cloud region](/docs/platform/howto/migrate-services-cloud-region)
-to point to your custom cloud.
-
-### Migrate to private BYOC
-
-Migrating a service to a custom cloud in the private deployment model requires network
-reconfiguration. Services are never exposed to the internet, and correct private
-communication must be established. Contact your account team for private migration guidance.
-
-## Related pages
-
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
diff --git a/docs/platform/howto/byoc/networking-security.md b/docs/platform/howto/byoc/networking-security.md
index 7688dbef..f433fa1b 100644
--- a/docs/platform/howto/byoc/networking-security.md
+++ b/docs/platform/howto/byoc/networking-security.md
@@ -115,7 +115,10 @@ For more information on Aiven security and compliance, see
## Related pages
-- [About bring your own cloud](/docs/platform/concepts/byoc)
-- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc)
+- [Bring your own cloud](/docs/platform/concepts/byoc)
+- [Enable the BYOC feature](/docs/platform/howto/byoc/enable-byoc)
- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
+- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
+- [Download an infrastructure template](/docs/platform/howto/byoc/download-infrastructure-template)
diff --git a/docs/platform/howto/byoc/rename-custom-cloud.md b/docs/platform/howto/byoc/rename-custom-cloud.md
index 7d46672e..04c082f3 100644
--- a/docs/platform/howto/byoc/rename-custom-cloud.md
+++ b/docs/platform/howto/byoc/rename-custom-cloud.md
@@ -65,7 +65,9 @@ avn byoc update \
## Related pages
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Enable bring your own cloud (BYOC)](/docs/platform/howto/byoc/enable-byoc)
+- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
- [Assign a project to your custom cloud](/docs/platform/howto/byoc/assign-project-custom-cloud)
- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
- [Tag custom cloud resources](/docs/platform/howto/byoc/tag-custom-cloud-resources)
diff --git a/docs/platform/howto/byoc/store-data.md b/docs/platform/howto/byoc/store-data.md
deleted file mode 100644
index f93121b0..00000000
--- a/docs/platform/howto/byoc/store-data.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-title: Store data in custom clouds
-sidebar_label: Storage data
-keywords: [bring your own cloud, byoc, custom cloud, BYOC cloud, object storage, tiered storage, S3 bucket, S3]
----
-
-import ConsoleLabel from "@site/src/components/ConsoleIcons";
-
-Depending on your cloud provider, data in your custom cloud can be stored either in Aiven-owned cloud or in your own cloud account, the latter being currently allowed with AWS only.
-
-## BYOC tiered storage
-
-:::important
-[BYOC](/docs/platform/concepts/byoc) tiered storage is only supported in AWS custom clouds for
-[Aiven for Apache Kafka](/docs/products/kafka/howto/kafka-tiered-storage-get-started) and
-[Aiven for ClickHouse](/docs/products/clickhouse/concepts/clickhouse-tiered-storage).
-:::
-
-To store data, AWS [BYOC](/docs/platform/concepts/byoc) environments use tiered storage, a
-data allocation mechanism for improved efficiency and cost optimization of data management.
-When enabled, tiered storage allows moving data automatically between hot storage (for
-frequently accessed, critical, and often updated data) and cold storage (for rarely
-accessed, static, or archived data).
-
-Cold data of AWS-BYOC-hosted services is stored in object storage in your own AWS cloud
-account. One S3 bucket is created per custom cloud.
-
-:::note
-
-- Tiered storage enabled on non-BYOC services is owned by Aiven and as such doesn't allow
- to store cold data in your own cloud account.
-- Non-BYOC services with Aiven-owned tiered storage cannot be migrated to BYOC.
-
-:::
-
-To use tiered storage in an AWS-BYOC-hosted service, tiered storage needs to be enabled both
-[in your custom cloud](/docs/platform/howto/byoc/store-data#enable-tiered-storage-in-a-custom-cloud)
-and
-[in the BYOC-hosted service](/docs/platform/howto/byoc/store-data#enable-tiered-storage-on-a-service).
-
-## Enable tiered storage in a custom cloud
-
-- **New AWS custom clouds**: Tiered storage is enabled by default in all new AWS custom
- clouds so you can proceed to
- [enabling tiered storage on a service](/docs/platform/howto/byoc/store-data#enable-tiered-storage-on-a-service).
-- **Existing AWS custom clouds with no tiered storage support**:
- [Contact the Aiven support team](mailto:support@aiven.io) to request enabling tiered
- storage in your custom cloud.
-
-## Enable tiered storage on a service
-
-### Prerequisites
-
-- At least one AWS [custom cloud](/docs/platform/howto/byoc/create-custom-cloud)
-- At least one [Aiven-manged service](/docs/platform/howto/create_new_service), either
- Aiven for Apache Kafka® or Aiven for ClickHouse®, hosted in an AWS custom cloud
-
- :::note
- If your Aiven-managed service is not hosted in a custom cloud, you can
- [migrate it](/docs/platform/howto/byoc/manage-byoc-service#migrate-an-existing-service-to-a-custom-cloud).
- :::
-
-### Activate tiered storage
-
-- [Enable for Aiven for Apache Kafka](/docs/products/kafka/howto/enable-kafka-tiered-storage)
-- [Enable for Aiven for Clickhouse](/docs/products/clickhouse/howto/enable-tiered-storage)
-
-## Related pages
-
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
-- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service)
diff --git a/docs/platform/howto/byoc/tag-custom-cloud-resources.md b/docs/platform/howto/byoc/tag-custom-cloud-resources.md
index 2f8b1098..12f5ea51 100644
--- a/docs/platform/howto/byoc/tag-custom-cloud-resources.md
+++ b/docs/platform/howto/byoc/tag-custom-cloud-resources.md
@@ -128,7 +128,9 @@ Any change to infrastructure tags requires reapplying the Terraform template.
## Related pages
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [View the status of a custom cloud](/docs/platform/howto/byoc/view-custom-cloud-status)
-- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service)
-- [Download an infrastructure template and a variables file](/docs/platform/howto/byoc/download-infrastructure-template)
+- [About bring your own cloud (BYOC)](/docs/platform/concepts/byoc)
+- [Enable the bring your own cloud (BYOC) feature](/docs/platform/howto/byoc/enable-byoc)
+- [Create a custom cloud in Aiven](/docs/platform/howto/byoc/create-custom-cloud)
+- [Enable your AWS custom cloud in Aiven organizations, units, or projects](/docs/platform/howto/byoc/assign-project-custom-cloud)
+- [Add customer's contact information for your custom cloud](/docs/platform/howto/byoc/add-customer-info-custom-cloud)
+- [Rename your custom cloud](/docs/platform/howto/byoc/rename-custom-cloud)
diff --git a/docs/platform/howto/byoc/view-custom-cloud-status.md b/docs/platform/howto/byoc/view-custom-cloud-status.md
deleted file mode 100644
index b2afb5ab..00000000
--- a/docs/platform/howto/byoc/view-custom-cloud-status.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-title: View the status of a custom cloud
-sidebar_label: View custom cloud status
----
-
-import ConsoleLabel from "@site/src/components/ConsoleIcons";
-
-Find out whether your custom cloud is ready to use by viewing its status.
-
-1. Log in to [Aiven Console](https://console.aiven.io/) as an
- administrator, and go to an organization.
-1. From the top navigation bar, select **Admin**.
-1. From the left sidebar, select .
-1. In the **Bring your own cloud** view, identify your new cloud on the
- list of available clouds and check its status in the **Status**
- column.
-
-When your custom cloud's status is **Active**, its deployment has been completed. Your
-custom cloud is ready to use and you can see it on the list of your custom clouds in the
-**Bring your own cloud** view.
-
-Now you can
-[create new services in the custom cloud](/docs/platform/howto/byoc/manage-byoc-service#create-a-service-in-a-custom-cloud)
-or
-[migrate your existing services to the custom cloud](/docs/platform/howto/byoc/manage-byoc-service#migrate-an-existing-service-to-a-custom-cloud)
-if your service and networking configuration allows it. For more information on migrating
-your existing services to the custom cloud, contact your account team.
-
-## Related pages
-
-- [Bring your own cloud networking and security](/docs/platform/howto/byoc/networking-security)
-- [Store data in custom clouds](/docs/platform/howto/byoc/store-data)
-- [Manage services hosted in custom clouds](/docs/platform/howto/byoc/manage-byoc-service)
diff --git a/docs/tools/cli/byoc.md b/docs/tools/cli/byoc.md
index 23726134..d6e984ac 100644
--- a/docs/tools/cli/byoc.md
+++ b/docs/tools/cli/byoc.md
@@ -13,7 +13,7 @@ Set up and manage your [custom clouds](/docs/platform/concepts/byoc) using the A
| Parameter | Required | Information |
| ------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `--organization-id` | Yes | Identifier of an organization where to create the custom cloud |
-| `--deployment-model`| Yes | Determines the [deployment model](/docs/platform/concepts/byoc#byoc-architecture), for example `standard` (the default deployment model with a private workload network) |
+| `--deployment-model`| Yes | Determines the [deployment model](/docs/platform/concepts/byoc#byoc-deployment), for example `standard` (the default deployment model with a private workload network) |
| `--cloud-provider` | Yes | Cloud provider to be used for running the custom cloud, for example`aws` (Amazon Web Services) |
| `--cloud-region` | Yes | Cloud region where to create the custom cloud, for example `eu-west-1` |
| `--reserved-cidr` | Yes | IP address range of the VPC to be created in your cloud account for Aiven services hosted on a custom cloud |
diff --git a/sidebars.ts b/sidebars.ts
index 88f23e04..ad99c32b 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -308,27 +308,13 @@ const sidebars: SidebarsConfig = {
items: [
'platform/howto/byoc/networking-security',
'platform/howto/byoc/enable-byoc',
- {
- type: 'category',
- label: 'Create custom clouds',
- link: {
- type: 'doc',
- id: 'platform/howto/byoc/create-custom-cloud/create-custom-cloud',
- },
- items: [
- 'platform/howto/byoc/create-custom-cloud/create-aws-custom-cloud',
- 'platform/howto/byoc/create-custom-cloud/create-google-custom-cloud',
- ],
- },
+ 'platform/howto/byoc/create-custom-cloud',
'platform/howto/byoc/assign-project-custom-cloud',
'platform/howto/byoc/add-customer-info-custom-cloud',
'platform/howto/byoc/tag-custom-cloud-resources',
- 'platform/howto/byoc/store-data',
'platform/howto/byoc/rename-custom-cloud',
'platform/howto/byoc/download-infrastructure-template',
'platform/howto/byoc/delete-custom-cloud',
- 'platform/howto/byoc/manage-byoc-service',
- 'platform/howto/byoc/view-custom-cloud-status',
],
},
{
diff --git a/static/_redirects b/static/_redirects
index e6c87f8d..bee695cd 100644
--- a/static/_redirects
+++ b/static/_redirects
@@ -211,7 +211,7 @@
/valkey https://aiven.io/docs/products/valkey
/products/kafka/howto/enable-karapace https://aiven.io/docs/products/kafka/howto/enable-schema-registry
/products/kafka/howto/list-schema-registry https://aiven.io/docs/products/kafka/howto/enable-schema-registry
-/platform/howto/byoc/create-custom-cloud https://aiven.io/docs/platform/howto/byoc/create-custom-cloud/create-custom-cloud
+
# Keep splats at the end
#
diff --git a/static/images/content/figma/byoc-aws-private.png b/static/images/content/figma/byoc-aws-private.png
index 9879624b..743eca95 100644
Binary files a/static/images/content/figma/byoc-aws-private.png and b/static/images/content/figma/byoc-aws-private.png differ
diff --git a/static/images/content/figma/byoc-aws-public.png b/static/images/content/figma/byoc-aws-public.png
index 979dd313..3f8453b0 100644
Binary files a/static/images/content/figma/byoc-aws-public.png and b/static/images/content/figma/byoc-aws-public.png differ
diff --git a/static/images/content/figma/byoc-gcp-private.png b/static/images/content/figma/byoc-gcp-private.png
index 5d0c4746..304c31fb 100644
Binary files a/static/images/content/figma/byoc-gcp-private.png and b/static/images/content/figma/byoc-gcp-private.png differ
diff --git a/static/images/content/figma/byoc-gcp-public.png b/static/images/content/figma/byoc-gcp-public.png
index 8f73beda..6f2cf2d6 100644
Binary files a/static/images/content/figma/byoc-gcp-public.png and b/static/images/content/figma/byoc-gcp-public.png differ
diff --git a/static/images/content/figma/byoc-how-it-works.png b/static/images/content/figma/byoc-how-it-works.png
deleted file mode 100644
index 52be7223..00000000
Binary files a/static/images/content/figma/byoc-how-it-works.png and /dev/null differ