Create a custom cloud in Aiven#

A custom cloud is your own cloud infrastructure integrated with your Aiven organization. Using a custom cloud in Aiven may be the optimal solution if you have specific business needs or project requirements, such as a strict regulatory compliance.


Creating custom clouds in your Aiven organization requires enabling the bring your own cloud (BYOC) feature, which is a limited availability feature. If you’re interested in trying it out, contact the sales team at

This article provides you with instructions on how to add a custom cloud to your Aiven organization.

About creating a custom cloud#

If you have the administrator’s role in your Aiven organization, and you enable BYOC, you can create a custom cloud on the Aiven platform. For this purpose, you’ll need to configure your custom cloud setup in Aiven Console and prepare your own Amazon Web Services (AWS) account so that Aiven can access it.

In Aiven Console, you’ll use the Create custom cloud workflow to generate a Terraform infrastructure-as-code (IaC) template. Next, you’ll deploy this template in your AWS account to acquire Role ARN (Amazon Resource Name). You’ll supply your Role ARN into the Create custom cloud workflow, which will give Aiven the permissions to securely access your AWS account, create resources, and manage them onward. Finally, you’ll assign projects and add customer contacts for your custom cloud.



  • Administrator’s role for your Aiven organization

  • AWS account

  • BYOC feature enabled for your Aiven organization by the sales team (

  • Access to Aiven Console

  • Terraform installed

Create a custom cloud#

Generate an infrastructure template#

In this step, an IaC template is generated in the Terraform format. In the next step, you’ll deploy this template in your AWS account to acquire Role ARN (Amazon Resource Name), which Aiven needs for accessing your AWS account.

In the Create custom cloud workflow, proceed as follows:

  1. Specify the following:

    • Custom cloud name

    • Cloud provider


      Amazon Web Services (AWS) is the only option supported currently.

    • Region

    • CIDR

      Aiven needs CIDR for the CIDR block of the VPC that will be created in your AWS account.

      • Specify inbound rules with the CIDR block notation, for example: (allowing as a single address), (allowing traffic from anywhere), or (allowing traffic from 100.1..).

      • To create VPC peerings with that VPC, choose a CIDR block that doesn’t overlap with CIDR blocks of peer VPCs.

      • Keep in mind that CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services.

    • Deployment model

      The deployment model determines how resources within your Aiven organization are arranged. It also imposes the method of connectivity between Aiven’s control plane and networks under your cloud provider account.


      BYOC standard is the only option supported currently.

  2. Select Next.


Your IaC Terraform template gets generated based on your inputs. You can view, copy, or download it. Now, you can use the template to acquire Role ARN.

Deploy the template to acquire Role ARN#

Role ARN is an identifier of the role created when running the infrastructure template in your AWS account. Aiven uses Role ARN to assume the role and run operations such as creating VMs for service nodes in your BYOC account.

Use the Terraform template generated in step Generate an infrastructure template to create your Role ARN by deploying the template in your AWS account.


When running terraform plan and terraform apply, make sure you add -var-file=FILE_NAME.vars as an option.

As soon as you acquire Role ARN, enter it into the Role ARN field in the Create custom cloud workflow, and select Next to proceed.


You can park your cloud setup here, save your current configuration as a draft, and resume creating your cloud later.

Assign projects and customer contacts#

Continue working in the Create custom cloud workflow by taking the following steps:

  1. From the Assign projects dropdown menu, select projects for which you want your custom cloud to be available.

  2. To add customer contacts, select their roles using the Role dropdown menu, and provide email addresses in the Email field. Using +, add as many customer contacts as needed for your custom cloud.


    The customer contact information is used by the Aiven support team to contact you in case any technical issue with the custom cloud needs fixing.

  3. Select Finish.


The custom cloud process has been initiated for you, which is communicated in the the Create custom cloud workflow.

Complete the cloud setup#

You’re all set. Select Done to close the Create custom cloud workflow.


The deployment of your new custom cloud might take a few minutes. As soon as it’s over, and your custom cloud is ready to use, you’ll be able to see it on the list of your custom clouds in the Bring you own cloud view.