Aruba Cloud Environment Initialization
This guide covers everything you need to initialize a Fractal Cloud environment on Aruba Cloud — the EU-sovereign cloud platform (arubacloud.com).
Prerequisites
Before initializing, ensure you have:
- An Aruba Cloud account with an active project at admin.arubacloud.com
- API credentials — OAuth2 client ID and client secret, created in the Aruba Cloud panel under API Management
- A datacenter selection — Aruba operates datacenters in Italy (Bergamo, Rome, Arezzo), Czech Republic (Prague), UK (London), and Germany (Frankfurt)
Aruba Cloud scopes API operations to a single datacenter. Fractal Cloud deploys one agent instance per datacenter. If you need workloads in multiple datacenters, initialize a separate environment for each.
What gets created
When you initialize an Aruba Cloud environment, Fractal Cloud provisions the following management infrastructure:
| Resource | Purpose |
|---|---|
| Hub VPC | Central routing point with NAT VM (shared egress) and bastion host (shared ingress) |
| Management Spoke VPC | Hosts agent infrastructure, peered to hub |
| 3 Cloud Servers (HA) | Run the Fractal Cloud agents and Vault cluster, spread across 3 AZs |
| Vault cluster | 3-node HA cluster with Raft storage and Aruba KMS auto-unseal |
| MySQL DBaaS | Leader election for agent HA and deployment configuration |
| VPC Peering | Connects management spoke to hub for routing |
All management traffic stays on private networks. Only Aruba REST API calls and control plane communication traverse the internet (via the NAT VM).
Initialize via Web UI
- Navigate to your environment in the Fractal Cloud Web UI
- Open the Cloud Agents tab
- Click Add New Cloud Agent and select Aruba
- Enter your Aruba Cloud credentials:
- OAuth Client ID — your API key (e.g.,
cmp-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) - OAuth Client Secret — your API secret
- Project ID — the Aruba project name (e.g.,
default)
- OAuth Client ID — your API key (e.g.,
- Click Authenticate — Fractal Cloud validates your credentials
- Select a datacenter from the world map
- Click Initialize to start provisioning
The initialization process takes approximately 10-15 minutes. You can monitor progress in the environment dashboard.
Initialize via SDK
TypeScript SDK
import {
BoundedContext,
Environment,
KebabCaseString,
OwnerId,
OwnerType,
ServiceAccountCredentials,
ServiceAccountId,
} from '@fractal_cloud/sdk';
const credentials = ServiceAccountCredentials.getBuilder()
.withId(ServiceAccountId.getBuilder().withValue('your-service-account-id').build())
.withSecret('your-service-account-secret')
.build();
const environment = Environment.getBuilder()
.withId(
Environment.Id.getBuilder()
.withOwnerType(OwnerType.Personal)
.withOwnerId(OwnerId.getBuilder().withValue('your-owner-id').build())
.withName(KebabCaseString.getBuilder().withValue('production').build())
.build()
)
.withCloudProvider('Aruba')
.withParameters({
ProjectId: 'default',
Datacenter: 'dc1',
OAuthClientId: process.env.ARUBA_OAUTH_CLIENT_ID!,
OAuthClientSecret: process.env.ARUBA_OAUTH_CLIENT_SECRET!,
})
.build();
await environment.initialize(credentials);
Terraform Provider
resource "fc_environment" "aruba_prod" {
bounded_context_id = data.fc_personal_bounded_context.existing.id
name = "production"
cloud_provider = "Aruba"
parameters = {
ProjectId = "default"
Datacenter = "dc1"
OAuthClientId = var.aruba_oauth_client_id
OAuthClientSecret = var.aruba_oauth_client_secret
}
}
Supported component types
Once initialized, the Aruba Cloud agent can provision:
| Category | Components |
|---|---|
| Networking | VPC, Subnet, Security Group, VPC Peering, VPN Tunnel |
| Compute | Cloud Server, SSH Key Pair, Bare Metal |
| Kubernetes | Managed KaaS (HA control plane, auto-scaling node pools) |
| Databases | MySQL DBaaS, MS SQL DBaaS |
| Storage | S3-compatible Object Storage, Block Storage |
Additionally, a CaaS Kubernetes agent runs alongside the Aruba agent to provision BigData workloads on KaaS clusters:
| Category | Components |
|---|---|
| BigData | Spark Operator, Spark Cluster, Spark Job, MLflow, Unity Catalog |
| Messaging | Kafka (Strimzi), Kafka Topic |
| Observability | Prometheus, Elastic, Jaeger |
| Security | Service Mesh (Ocelot) |
| API Management | Ambassador, Traefik |
Credential rotation
Aruba API keys have a 90-day rotation cycle. Rotate the keys before expiry and update the environment credentials to avoid agent authentication failures.
Do not manually modify or delete any Fractal Cloud Agent resources in your Aruba project. To disconnect your environment from Fractal Cloud, use the UI or SDK to remove the Environment — this will also clean up all Cloud Agent resources.