DocsICP FilingConsole
官方文档
首页

Connect to ApsaraMQ for Kafka through a VPC

更新时间:
复制 MD 格式
产品详情
我的收藏

Create and deploy an ApsaraMQ for Kafka instance in a VPC, and obtain the endpoint for your Kafka client.

Prerequisites

  • A VPC and vSwitch exist in your target region. You can create them during deployment if needed.

Note

On first deployment, the console prompts you to authorize the service-linked role AliyunServiceRoleForAlikafka. Click OK to grant the required permissions.

Step 1: Create an instance

  1. Log on to the ApsaraMQ for Kafka console.

  2. In the Quick Start section on the right side of the page, click Create Instance.

  3. In the panel that appears, select an Instance Series and a billing model:

    Billing model

    Use cases

    Pay-as-you-go

    For development, testing, or workloads with fluctuating traffic.

    Subscription

    For production environments with predictable usage and costs.

    Serverless

    Pay based on actual usage with automatic elastic scaling.

    Click OK.

  4. On the purchase page, configure the instance parameters:

    Parameter

    Description

    Instance type

    Standard (High-write) is suitable for most use cases.

    Region

    Match the region of your application servers to minimize latency.

    Instance type

    Select VPC instance.

    Traffic specification

    Choose based on estimated throughput. For example, alikafka.hw.2xlarge supports 20 MB/s read/write.

    Disk type

    Ultra Disk suits general workloads. Use SSD for high throughput or large message backlogs.

    Disk capacity

    Base capacity on your retention period. Recommended: 300–900 GB.

  5. Click Buy Now and complete the payment.

After purchase, the instance list shows the instance in Not Deployed state.

Step 2: Obtain VPC information

Before deploying the instance, obtain the VPC and vSwitch IDs.

  1. Log on to the Virtual Private Cloud console.

  2. In the left-side navigation pane, click vSwitches.

  3. In the top navigation bar, select the target region.

  4. On the vSwitches page, record the following information:

    • vSwitch ID: Find this in the Instance ID/name column.

    • VPC ID: Find this in the Virtual private cloud column.

Note

The vSwitch determines the instance's availability zone. Choose one close to your application servers to minimize latency.

No VPC? Create one quickly

  1. In the Virtual Private Cloud console, click Create VPC.

  2. Enter a name and set an IPv4 CIDR block, such as 192.168.0.0/16.

  3. Add a vSwitch during VPC creation. Select an availability zone and set a subnet CIDR block such as 192.168.0.0/24.

Step 3: Deploy the instance

  1. In the ApsaraMQ for Kafka console, find the Not Deployed instance on the instance list page.

  2. In the Actions column, click Deploy.

  3. In the Deploy Instance panel, configure the following parameters:

    Parameter

    Description

    VPC ID

    Select the VPC from Step 2.

    vSwitch ID

    Select the vSwitch from Step 2.

    Version

    Select 2.6.2 (recommended) or 2.2.0.

    Message retention period

    How long messages are retained. Default: 72 hours.

    Maximum message size

    Maximum size per message. Default: 1 MB.

    Consumer offset retention period

    How long consumer offsets are retained. Default: 10,080 minutes (7 days).

    Disk encryption

    Enable this setting if you require encryption at rest.

    Professional edition only:

    • Cross-zone deployment — Distribute the instance across availability zones for disaster recovery.

    • ACL feature — Enable access control with SASL authentication.

  4. Click OK.

Note

Deployment takes 10–30 minutes. The instance status changes from Deploying to Running.

Step 4: Get the instance endpoint

After the instance is running:

  1. On the instance list page, click the instance name to open instance details.

  2. In the Endpoint information section, view the instance endpoint.

    Type

    Network

    Protocol

    Use case

    Default endpoint

    VPC

    PLAINTEXT

    Access from within the VPC

    Example endpoint format:

    alikafka-pre-public-intl-sg-xxxxx-1-vpc.alikafka.aliyuncs.com:9092,
alikafka-pre-public-intl-sg-xxxxx-2-vpc.alikafka.aliyuncs.com:9092,
alikafka-pre-public-intl-sg-xxxxx-3-vpc.alikafka.aliyuncs.com:9092

  3. Copy the endpoint and set it as the bootstrap.servers value in your Kafka client.

Step 5: Configure endpoint whitelist

By default, only clients in the same vSwitch can connect. To allow access from other VPC subnets, configure a whitelist.

  1. In Endpoint information, find the endpoint and click Manage Whitelist in the Actions column.

  2. On the Whitelist Management page, click Add Whitelist Group.

  3. Configure the whitelist group:

    • Group name: Enter a name, such as app-servers.

    • IP addresses in group: Enter the IP addresses or CIDR blocks to allow.

  4. Click OK.

Verify network connectivity

Run this command from a server in your VPC:

telnet alikafka-pre-public-intl-sg-xxxxx-1-vpc.alikafka.aliyuncs.com 9092

A successful connection confirms correct network configuration.

Next steps

After the instance is running:

  1. Create a topic to organize messages.

  2. Create a group to manage message consumption.

  3. Connect your application using the endpoint.

Previous:Step 2: Purchase and deploy an instanceNext:Deploy an internet- and VPC-connected instance