Skip to main content

Aruba Cloud Environment Initialization

This guide covers everything you need to initialize a Fractal Cloud environment on Aruba Cloud — the EU-sovereign cloud platform (arubacloud.com).

Prerequisites

Before initializing, ensure you have:

  1. An Aruba Cloud account with an active project at admin.arubacloud.com
  2. API credentials — OAuth2 client ID and client secret, created in the Aruba Cloud panel under API Management
  3. A datacenter selection — Aruba operates datacenters in Italy (Bergamo, Rome, Arezzo), Czech Republic (Prague), UK (London), and Germany (Frankfurt)
One agent per datacenter

Aruba Cloud scopes API operations to a single datacenter. Fractal Cloud deploys one agent instance per datacenter. If you need workloads in multiple datacenters, initialize a separate environment for each.

What gets created

When you initialize an Aruba Cloud environment, Fractal Cloud provisions the following management infrastructure:

ResourcePurpose
Hub VPCCentral routing point with NAT VM (shared egress) and bastion host (shared ingress)
Management Spoke VPCHosts agent infrastructure, peered to hub
3 Cloud Servers (HA)Run the Fractal Cloud agents and Vault cluster, spread across 3 AZs
Vault cluster3-node HA cluster with Raft storage and Aruba KMS auto-unseal
MySQL DBaaSLeader election for agent HA and deployment configuration
VPC PeeringConnects management spoke to hub for routing

All management traffic stays on private networks. Only Aruba REST API calls and control plane communication traverse the internet (via the NAT VM).

Initialize via Web UI

  1. Navigate to your environment in the Fractal Cloud Web UI
  2. Open the Cloud Agents tab
  3. Click Add New Cloud Agent and select Aruba
  4. Enter your Aruba Cloud credentials:
    • OAuth Client ID — your API key (e.g., cmp-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
    • OAuth Client Secret — your API secret
    • Project ID — the Aruba project name (e.g., default)
  5. Click Authenticate — Fractal Cloud validates your credentials
  6. Select a datacenter from the world map
  7. Click Initialize to start provisioning

The initialization process takes approximately 10-15 minutes. You can monitor progress in the environment dashboard.

Initialize via SDK

TypeScript SDK

import {
BoundedContext,
Environment,
KebabCaseString,
OwnerId,
OwnerType,
ServiceAccountCredentials,
ServiceAccountId,
} from '@fractal_cloud/sdk';

const credentials = ServiceAccountCredentials.getBuilder()
.withId(ServiceAccountId.getBuilder().withValue('your-service-account-id').build())
.withSecret('your-service-account-secret')
.build();

const environment = Environment.getBuilder()
.withId(
Environment.Id.getBuilder()
.withOwnerType(OwnerType.Personal)
.withOwnerId(OwnerId.getBuilder().withValue('your-owner-id').build())
.withName(KebabCaseString.getBuilder().withValue('production').build())
.build()
)
.withCloudProvider('Aruba')
.withParameters({
ProjectId: 'default',
Datacenter: 'dc1',
OAuthClientId: process.env.ARUBA_OAUTH_CLIENT_ID!,
OAuthClientSecret: process.env.ARUBA_OAUTH_CLIENT_SECRET!,
})
.build();

await environment.initialize(credentials);

Terraform Provider

resource "fc_environment" "aruba_prod" {
bounded_context_id = data.fc_personal_bounded_context.existing.id
name = "production"

cloud_provider = "Aruba"
parameters = {
ProjectId = "default"
Datacenter = "dc1"
OAuthClientId = var.aruba_oauth_client_id
OAuthClientSecret = var.aruba_oauth_client_secret
}
}

Supported component types

Once initialized, the Aruba Cloud agent can provision:

CategoryComponents
NetworkingVPC, Subnet, Security Group, VPC Peering, VPN Tunnel
ComputeCloud Server, SSH Key Pair, Bare Metal
KubernetesManaged KaaS (HA control plane, auto-scaling node pools)
DatabasesMySQL DBaaS, MS SQL DBaaS
StorageS3-compatible Object Storage, Block Storage

Additionally, a CaaS Kubernetes agent runs alongside the Aruba agent to provision BigData workloads on KaaS clusters:

CategoryComponents
BigDataSpark Operator, Spark Cluster, Spark Job, MLflow, Unity Catalog
MessagingKafka (Strimzi), Kafka Topic
ObservabilityPrometheus, Elastic, Jaeger
SecurityService Mesh (Ocelot)
API ManagementAmbassador, Traefik

Credential rotation

Aruba API keys have a 90-day rotation cycle. Rotate the keys before expiry and update the environment credentials to avoid agent authentication failures.

Important

Do not manually modify or delete any Fractal Cloud Agent resources in your Aruba project. To disconnect your environment from Fractal Cloud, use the UI or SDK to remove the Environment — this will also clean up all Cloud Agent resources.