All Products
Search
Document Center

ApsaraMQ for Kafka:Access from a VPC

Last Updated:Mar 06, 2025

If you require access to ApsaraMQ for Kafka exclusively within a VPC network, you can purchase and deploy a VPC-connected instance.

Prerequisites

Step 1: purchase an instance

  1. Log on to the ApsaraMQ for Kafka console and, in the left-side navigation pane, click Instances.

  2. In the top menu bar, select a region, then click the Buy Instance button.

  3. In the Select Instance Billing Method panel, select Instance Edition and Billing Method. Choose Serverless,Subscription or Pay-as-you-go (Hourly) as needed, and then click OK.

  4. In the Purchase panel, configure the parameters according to your business needs, then click Purchase Now and follow the on-screen instructions to complete the payment.

    Non-serverless instances

    Parameter

    Example value

    Edition type

    Standard Edition (High Write)

    For differences between editions, see Instance type.

    Region

    China (Hangzhou)

    Instance type

    VPC-connected instance

    Traffic specification

    alikafka.hw.2xlarge

    For the peak traffic of network interface cards and the number of partitions provided free of charge for different traffic specifications, see Traffic specification description.

    Number of partitions

    100

    This parameter specifies the number of partitions that you want to purchase. The total number of partitions on an instance is calculated based on the following formula: Total number of partitions = Number of partitions provided free of charge by the traffic specification + Number of partitions that you purchase. For the number of partitions provided free of charge for different traffic specifications, see Traffic specification description.

    Disk type

    SSD

    An SSD delivers higher IOPS than an ultra disk. In scenarios in which the message throughput is high or many messages are accumulated, we recommend that you select SSD for this parameter.

    Disk capacity

    900 GB

    Resource group

    Shared resource group

    Serverless instances

    Parameter

    Example value

    Edition type

    Standard Edition

    For differences between editions, see Instance type.

    Region and zone

    China (Hangzhou)

    Instance type

    VPC-connected instance

    Reserved sending capacity

    60 MB/s

    Reserved subscription capacity

    60 MB/s

    Resource group

    Shared resource group

Step 2: obtain VPC information

  1. Log in to the Virtual Private Cloud console.

  2. In the left-side navigation pane, click vSwitch. Then, select the region from the top menu bar where your VPC network is deployed.

  3. On the vSwitch page, you can view the target vSwitch ID and VPC ID.

    • The Instance ID/Name column displays the vSwitch ID.

    • The VPC column shows the VPC ID where the vSwitch is located.

Step 3: deploy the instance

  1. On the ApsaraMQ for Kafka console, navigate to the Instances page, locate the Not Deployed instance, and in the right-side column, click Operation, followed by Deploy.

  2. In the Deploy Instance panel, configure the following parameters, and then click OK.

    Non-serverless instances

    Parameter

    Description

    Example

    VPC ID

    Select the VPC ID obtained in Step 2: Obtain VPC information.

    vpc-bp17fapfdj0dwzjkd****

    vSwitch ID

    Select the vSwitch ID obtained in Step 2: Obtain VPC information.

    vsw-bp1gbjhj53hdjdkg****

    Cross-zone Deployment

    If the instance edition is Professional Edition, you can specify whether to deploy the instance across zones. Instances that are deployed across zones provide excellent disaster recovery capabilities and have a high tolerance for faults that affect data centers.

    Yes

    Candidate Zones of Primary Zone

    After you select a vSwitch ID, the system automatically sets the value of this parameter to the zone where the vSwitch is deployed. You can also change the value of this parameter by selecting or adding other zones. This parameter is required only if Cross-zone Deployment is set to Yes.

    Zone D

    Candidate Zones of Secondary Zone

    We recommend that you select a new zone as the secondary zone. In most cases, select the zone from bottom to top in alphabetical order. The primary and secondary zones do not overlap. This parameter is required only if Cross-zone Deployment is set to Yes.

    Zone H

    Force Deployment in the Selected Zone

    Specify whether to deploy the instance in the selected zone candidate set. The default value is No. This parameter is required only if Cross-zone Deployment is set to Yes.

    No

    Version

    The version of ApsaraMQ for Kafka that you want to deploy. The supported version numbers correspond to the version numbers of open source Apache Kafka.

    • 2.6.2

    • 2.2.0

    2.2.0

    Message Retention Period

    Specify the retention period of messages. Unit: hours.

    72

    Maximum Message Size

    Specify the maximum size of a message that can be received on the instance. Unit: MB.

    1

    Consumer Offset Retention Period

    Specify the retention period of consumer offsets. Unit: minutes.

    10080

    ACL

    Specify whether to enable the ACL feature. With the ApsaraMQ for Kafka ACL feature, you can grant SASL users the permissions to send and receive messages from ApsaraMQ for Kafka as needed to achieve permission separation.

    Note

    Only Professional Edition instances support the ACL feature.

    • Enable

    • Disable

    Disable

    VPC Transmission Encryption

    Specify whether to enable message transmission encryption. This parameter can be configured only if the ACL is enabled.

    • Enable

    • Disable

    Disable

    Disk Encryption

    Specify whether to enable instance encryption.

    Enable

    Disk Encryption Key ID

    The key ID for disk encryption in the region where the instance is deployed. Follow the on-screen instructions to specify a key ID. This parameter is required only if the Disk Encryption parameter is set to Enable.

    0d24xxxx-da7b-4786-b981-9a164dxxxxxx

    Serverless instances

    Parameter

    Description

    Example

    VPC ID

    Select the VPC ID obtained in Step 2: Obtain VPC information.

    vpc-bp17fapfdj0dwzjkd****

    vSwitch ID

    Select the vSwitch ID obtained in Step 2: Obtain VPC information.

    vsw-bp1gbjhj53hdjdkg****

    Version

    The version of ApsaraMQ for Kafka that you want to deploy. The supported version numbers correspond to the version numbers of open source Apache Kafka.

    3.3.1

    Message Retention Period

    Specify the retention period of messages. Unit: hours.

    72

    Maximum Message Size

    Specify the maximum size of a message that can be received on the instance. Unit: MB.

    1

    Consumer Offset Retention Period

    Specify the retention period of consumer offsets. Unit: minutes.

    10080

    ACL

    Specify whether to enable the ACL feature. With the ApsaraMQ for Kafka ACL feature, you can grant SASL users the permissions to send and receive messages from ApsaraMQ for Kafka as needed to achieve permission separation.

    • Enable

    • Disable

    Disable

    VPC Transmission Encryption

    Specify whether to enable message transmission encryption. This parameter can be configured only if the ACL is enabled.

    • Enable

    • Disable

    Disable

    The instance will enter the Deploying status. Deployment typically takes about 10 to 30 minutes to complete.

Step 4: view instance endpoints

  1. On the ApsaraMQ for Kafka console, click the name of the desired instance on the Instances page.

  2. On the Instance Details page, you can view the instance's endpoints in the Endpoint Information area. For more information on how to select an endpoint, see Endpoint comparison.

Step 5: Configure the endpoint whitelist and test the network

  1. On the Instance Details page, locate the desired endpoint in the Endpoint Information section, and click Actions under the Manage Whitelist column.

  2. On the Whitelist Management page, click Create Whitelist. Then, enter the Name and an IP address or segment. Finally, click OK.

  3. On the local client, enable Telnet and execute telnet endpoint domain name port number to test the connectivity to ApsaraMQ for Kafka.

    For instance, the client accesses ApsaraMQ for Kafka using the default endpoint and executes telnet alikafka-pre-cn-zv**********-1-vpc.alikafka.aliyuncs.com 9092.

    If the Telnet test is successful, network connectivity is established. VPC

    If the instance is operational but the client cannot connect, use the self-check tool for troubleshooting. For instructions, see Guide to self-checking the health of an instance.

What to do next

To proceed, create resources.