Aerospike Cloud Quickstart

This quickstart explains how to set up a database cluster in Aerospike Cloud. The suggested options configure the minimal features you need to preview the product.

Overview

Aerospike Cloud is a fully automated Aerospike database management system in the cloud. The Cloud preview includes the features you need to run a production-ready instance of Aerospike in the cloud.

Assumptions

This quickstart assumes a basic understanding of the following:

• Database deployments, features, and use cases
• AWS VPC peering

Terminology

• VPC ID: A unique identifier for a Virtual Private Cloud (VPC), which is a logically isolated, private network within a public cloud provider’s infrastructure.
• VPC CIDR block: A block of IP addresses, represented using Classless Inter-Domain Routing (CIDR) notation, that defines the IP address range for a VPC or its subnets.
• AWS VPC peering: A networking connection between two VPCs that enables you to route traffic between them using private IP addresses.

Prerequisites

• An account with Aerospike Cloud.
• An account with AWS.
• An existing AWS VPC with a CIDR that does not overlap the Aerospike-managed VPC’s CIDR (10.128.0.0/19 and 10.129.0.0/24).
• DNS hostnames and DNS resolution enabled in your VPC attributes.
• Your VPC ID, VPC CIDR, AWS Account ID, and Region. Aerospike Cloud provides the details needed for the Aerospike VPC side.

Quickstart goals

When you finish this quickstart, you will have done the following:

• Created an Aerospike Cloud account
• Provisioned an Aerospike Cloud database cluster
• Configured a peering connection between your AWS VPC and the Aerospike Cloud AWS VPC

Create an account

To create an Aerospike Cloud account with your email address and password, go to the Cloud console, click Register now and fill out the form.

You can also:

• Sign up with Google OIDC using an existing Google account.
• Accept an invitation from an existing user and join their Aerospike Cloud organization.

Note

New accounts do not have enterprise contracts by default. If you are setting up a new account, contact your sales specialist to get an enterprise billing plan for the Aerospike Cloud database clusters you need.

The Service Level Agreements (SLAs) of your new cluster depend on the number of zones and the replication factor; consider your use case and what guarantees you need.

Provision your first cluster

Follow the steps below to provision and launch your first Aerospike Cloud database cluster.

1. On the left side of the Aerospike Cloud console, click Clusters, then click Provision cluster.

2. On the Provision a new cluster screen, enter a name for your cluster, then click Continue.

   Note

   AWS is preselected as the cloud provider. Support for GCP is coming in a future release.

3. On the Set deployment location and layout screen, set the following options:

   a. Region: Determines the physical location of your cloud servers. We recommend that you select the same region as the applications that you are connecting to Aerospike Cloud. If you will connect from multiple regions, select the region where most applications will connect or the closest region to those applications.

   b. CIDR range: Specifies the IP address range for your cluster’s private network. Use the auto-generated default range.

   c. Number of zones: Distributes nodes across zones to improve availability and fault isolation. Leave zones set at 1.

   d. Zone ID assignment: Manually assign nodes to specific zones to control data distribution. Use the auto-assigned zones.

4. Click Continue.

5. On the Configure availability and storage screen, set the following:

   a. Replication factor: Sets how many copies of each record are stored to ensure data availability. We recommend 2 as the minimum replication factor to avoid data loss in case of a hardware failure.

   b. Consistency mode: Controls how strictly the cluster enforces up-to-date reads during failures. Strong consistency (SC) is only available with local storage.

   c. Storage engine: Defines whether data is stored in memory, on SSDs. Choose Memory as a temporary cache, or Local disk for a system of record.

6. Click Continue.

7. On the Select node size and count screen, set the following:

   a. Instance type: Select the radio button next to i4i.large, the first instance type in the list, and then click Continue.

   b. Node count: Must be a multiple of the number of zones, and must be greater than the replication factor. More nodes increase availability and reduce per-node load. Leave the default value.

8. Click Continue on the Server configuration page – there is no need for manual configuration in the quickstart.

9. Verify that your selections match what you want, then click Launch cluster.

VPC peering

VPC peering, enables your app running in an AWS VPC (consumer) to communicate privately with an Aerospike Database cluster running in the AWS VPC inside Aerospike Cloud, without traversing the public internet. VPC peering reduces latency and exposure, ensuring a more secure connection for your Aerospike clusters.

Steps for VPC peering

1. Create or identify your AWS VPC.

   • Create a new VPC in AWS or verify your existing VPC. Verify that the CIDR range does not overlap with Aerospike’s 10.128.0.0/19 and 10.129.0.0/24.
   • Take note of your VPC:
     • VPC ID (for example vpc-0abcd1234efgh5678)
     • CIDR Block (for example 10.0.0.0/16)
     • AWS Account ID (for example 123456789012)
     • AWS Region (for example us-east-1)

2. Initiate VPC peering.

   In the Cloud console:

   • Navigate to your project and find the Networking or VPC Peering section for your cluster.
   • Click Create VPC Peering.
   • Fill in the details of your AWS VPC:
     • AWS Account ID: The 12-digit ID of your AWS account where your VPC resides.
     • AWS Region: The AWS region of the your VPC
     • VPC ID: The identifier of your VPC
     • VPC CIDR: Your VPC’s IPv4 CIDR block.
   • Submit the peering request. The Aerospike Cloud service initiates a VPC peering connection from the Aerospike VPC to your VPC.

   Aerospike’s AWS account creates a peering connection request. The connection status shows Pending Acceptance until you accept it in your AWS account.

3. Accept the peering request

   • If Aerospike Cloud initiated the request, you must accept it on your AWS side.
   • In AWS console: VPC → Peering Connections → select the pending peering → Actions → Accept Request.
   • Or use the CLI:

     aws ec2 accept-vpc-peering-connection \
       --vpc-peering-connection-id pcx-1410263943e464f4a \
       --region us-east-1

4. Update route tables

   • In VPC → Route Tables, locate the route table for subnets needing Aerospike access (EC2 or EKS).
   • Add a route with:
     • Destination: Aerospike VPC CIDR (10.128.0.0/19)
     • Target: The VPC peering connection (for example pcx-1410263943e464f4a)
   • Aerospike Cloud updates its VPC routes automatically on their side.
   • EKS Note: If you use EKS, each worker subnet must also have a route sending traffic to the Aerospike CIDR through the peering connection.
   • Or via aws CLI:

     aws ec2 create-route \
       --region us-east-1 \
       --route-table-id rtb-0123456789abcdef0 \
       --destination-cidr-block 10.128.0.0/19 \
       --vpc-peering-connection-id pcx-1410263943e464f4a

5. Associate private hosted zone (DNS)

   Note

   DNS association is required to resolve Aerospike cluster endpoints. Verify that enableDnsSupport and enableDnsHostnames are set to true in your VPC settings.

   After the peering connection is accepted, get the Hosted Zone ID from the Cloud console and associate your VPC with Aerospike’s private hosted zone:

   aws route53 associate-vpc-with-hosted-zone \
     --hosted-zone-id Z04089311NGVVH0FO3QGG \
     --vpc VPCRegion=us-east-1,VPCId=vpc-0abcd1234efgh5678

   • After a few moments, DNS queries (for example fcd8461a-49ee-42ea-ae08-7366a94e7654.aerospike.internal) in your VPC resolves to Aerospike’s private IP addresses.

6. Configure security groups

   To restrict traffic initiation to one-way from your VPC to the Aerospike VPC while allowing return traffic, configure security groups in your VPC.

   • Outbound Rules:
     • Allow outbound traffic to port 4000 to the Aerospike port on the Aerospike VPC range (for example 10.128.0.0/19).
     • Allow outbound traffic to port 9145 to the Aerospike Prometheus Exporter metrics port on the Aerospike VPC range (for example 10.128.0.0/19).
   • Inbound Rules:
     • Do not add an inbound rule that explicitly allows traffic from the Aerospike VPC range.
     • Since security groups are stateful, if an instance in your VPC initiates a connection to the Aerospike VPC, the return traffic is automatically allowed back in.
   Note

   The Aerospike VPC is automatically configured to allow inbound traffic from peered VPCs and has outbound rules configured to ensure proper return traffic to your VPC.

7. Test connectivity

   The Database hostname/TLS name can be found in the Cloud console.

   • Test DNS, this dig command should return list of private IPs, one for each Aerospike node:

     dig +short <aerospike tlsName>

     As an example if tlsName=fcd8461a-49ee-42ea-ae08-7366a94e7654.aerospike.internal

     dig +short fcd8461a-49ee-42ea-ae08-7366a94e7654.aerospike.internal

   • EC2:

     ping 10.128.1.50        # If ICMP is allowed, use an IP from the result of the above `dig` command
     nc -zv 10.128.1.50 4000 # Check Aerospike on port 4000

   • If connection fails, double-check route tables, peering acceptance, and security group rules.

8. Connecting to Aerospike using AQL and TLS

   Find the connection details for your cluster in the Cloud console. These include the hostname and a TLS CA file. The certificate verifies the authenticity of the Aerospike server you are connecting to and establishes an encrypted connection, ensuring your data is secure.

   aql --tls-enable --tls-name CLUSTER-ID --tls-cafile TLS-CERTIFICATE -h HOSTNAME:PORT -U USERNAME -P PASSWORD

VPC peering status definitions

Throughout the process you will see status indicators for the peering connection in the Aerospike Cloud portal and AWS. Here are common statuses and their meaning:

• Pending Acceptance: The peering connection request has been created by Aerospike and is awaiting your acceptance in AWS. In this state, you need to take action to accept the request. (If not accepted within 7 days, the request will expire.)
• Active: The peering connection is fully established. An active status on both sides means the link is ready for use (though routing/DNS may still need to be configured as described above).
• Provisioning: (Transient state) The request was accepted and AWS is in the process of making it active. This status usually changes to Active within a short time without further action.
• Failed: The peering request failed to establish. This can happen due to invalid parameters or network overlaps. A failed connection cannot be accepted or used. You may need to delete it and create a new request.
• Rejected: The peering request was explicitly declined by the accepter (your side). No connection is made. Create a new request if you rejected by mistake.
• Expired: The request wasn’t accepted within the allowed time (7 days). The connection is not made and the request must be recreated if still needed.

In the Cloud console these statuses might be labeled slightly differently. For example, you may see “Pending” instead of “Pending Acceptance”. “Active” is the desired end state. If your connection shows “Active” but you cannot connect to the database, double-check that routes and DNS are set up (those steps are outside the raw peering status).

In case of failure

If a failure occurs make sure to check the following settings:

• The account ID for VPC (Accepter) is entered correctly.
• The correct VPC ID for VPC (Accepter) is selected.
• None of the primary CIDR blocks or secondary CIDR blocks for your selected VPC (Requester) and VPC (Accepter) overlap.

Once peering is active and routes are properly configured your AWS resources (EC2, EKS, etc.) communicate privately with Aerospike Cloud. This approach eliminates internet exposure and generally yields lower latency. If there is a problem connecting check that the following are configured correctly:

• Security group rules: Ensure inbound/outbound rules allow Aerospike port 4000 (AWS Security Group Rules documentation)
• Route table entries: Confirm they target the correct CIDR and peering connection ID.
• DNS settings: If using private DNS, confirm successful domain resolution.

Done!

You have now provisioned your first Aerospike Cloud database cluster and established connectivity from your own AWS VPC. Now you can create a database user or start thinking about creating a client application you can connect to your new cluster.