Prerequisites
Before you can create a deployment in the EZ-CDC portal, you need certain AWS resources already in place. This page explains what you need before starting the deployment wizard.
The deployment wizard guides you through creating the IAM role (via CloudFormation) and automatically provisions security groups, worker instances, and the VPC Endpoint (for PrivateLink mode). You only need to prepare your networking and databases beforehand.
Choose Your Connectivity Mode
EZ-CDC offers two connectivity modes. Choose based on your security requirements:
| Mode | Description | Best For |
|---|---|---|
| Standard | Workers connect to control-plane via public internet (HTTPS) | Most use cases, simpler setup |
| PrivateLink | Workers connect via AWS PrivateLink (no public internet) | Enterprise, strict security requirements |
Standard Mode Prerequisites
For standard connectivity, workers connect to the EZ-CDC control-plane over the public internet using HTTPS/TLS encryption.
What You Need Before Starting
1. A VPC
Any VPC in a supported region. No special configuration required.
2. At Least 2 Subnets with Internet Access
- In different Availability Zones (for high availability)
- Must have outbound internet access
Workers need outbound connectivity to the EZ-CDC control-plane on port 443 (HTTPS/gRPC).
By default, workers run in subnets with direct internet access. If you prefer workers to remain in private subnets without public IPs, you can add a NAT Gateway to provide outbound connectivity. This is optional and depends on your security requirements.
3. Network Access to Your Databases
From the subnets you select, workers must be able to reach:
| Database | Port |
|---|---|
| PostgreSQL (source) | 5432 |
| StarRocks (sink) | 9030, 8040 |
Standard Mode Checklist
□ VPC in a supported region
□ 2+ subnets in different AZs with outbound internet access
□ PostgreSQL reachable from subnets (port 5432)
□ StarRocks reachable from subnets (port 9030, 8040)
PrivateLink Mode Prerequisites
For PrivateLink connectivity, workers connect to the EZ-CDC control-plane through AWS PrivateLink. Traffic never leaves the AWS network.
The VPC Endpoint that connects workers to the EZ-CDC control-plane is created automatically during deployment. You do not need to create it yourself.
What You Need Before Starting
1. A VPC with DNS Enabled
Critical: Your VPC must have these settings enabled:
enable_dns_support = true
enable_dns_hostnames = true
Without these settings, the VPC Endpoint created during deployment will not work.
Verify in AWS Console:
- Go to VPC → Your VPCs
- Select your VPC
- Check "DNS resolution" and "DNS hostnames" are both Enabled
Or verify with AWS CLI:
aws ec2 describe-vpc-attribute --vpc-id vpc-xxx --attribute enableDnsSupport
aws ec2 describe-vpc-attribute --vpc-id vpc-xxx --attribute enableDnsHostnames
If not enabled, enable them:
aws ec2 modify-vpc-attribute --vpc-id vpc-xxx --enable-dns-support '{"Value":true}'
aws ec2 modify-vpc-attribute --vpc-id vpc-xxx --enable-dns-hostnames '{"Value":true}'
2. At Least 2 Private Subnets
- In different Availability Zones (for high availability)
No outbound internet access is needed. Workers download binaries and communicate with the control-plane entirely through the VPC Endpoint (created automatically during deployment).
3. Network Access to Your Databases
From the subnets you select, workers must be able to reach:
| Database | Port |
|---|---|
| PostgreSQL (source) | 5432 |
| StarRocks (sink) | 9030, 8040 |
PrivateLink Mode Checklist
□ VPC with DNS support ENABLED
□ VPC with DNS hostnames ENABLED
□ 2+ private subnets in different AZs
□ PostgreSQL reachable from subnets (port 5432)
□ StarRocks reachable from subnets (port 9030, 8040)
Database Requirements
Both connectivity modes require your databases to be properly configured.
PostgreSQL Source
| Requirement | Value |
|---|---|
| Version | PostgreSQL 12+ |
| WAL Level | logical |
| Max Replication Slots | At least 1 available per job |
| Max WAL Senders | At least 1 available per job |
Verify with:
SHOW wal_level; -- Must be 'logical'
SHOW max_replication_slots; -- Must have available slots
SHOW max_wal_senders; -- Must have available senders
See PostgreSQL Requirements for detailed setup.
StarRocks Sink
| Requirement | Value |
|---|---|
| Version | StarRocks 2.5+ |
| Stream Load | Enabled |
| HTTP Port | 8040 accessible |
| MySQL Port | 9030 accessible |
See StarRocks Requirements for detailed setup.
Supported Regions
EZ-CDC supports deployment in these AWS regions:
| Region | Name |
|---|---|
| us-east-1 | N. Virginia |
| us-east-2 | Ohio |
| us-west-2 | Oregon |
| eu-west-1 | Ireland |
| eu-central-1 | Frankfurt |
| ap-southeast-1 | Singapore |
Summary
| Requirement | Standard Mode | PrivateLink Mode |
|---|---|---|
| VPC | Any | DNS enabled (both settings) |
| Subnets | 2+ in different AZs, with internet access | 2+ private, in different AZs |
| Internet access | Required | Not required |
| PostgreSQL access | From subnets | From subnets |
| StarRocks access | From subnets | From subnets |
Created Automatically During Deployment
These resources are provisioned by EZ-CDC when you create a deployment — you do not need to set them up:
| Resource | Description |
|---|---|
| IAM Role | Created via guided CloudFormation in the portal wizard |
| Security Groups | Egress-only rules for worker communication |
| Auto Scaling Group | Worker EC2 instances |
| VPC Endpoint | PrivateLink connection to EZ-CDC (PrivateLink mode only) |
| CloudWatch Log Groups | Worker and daemon logs |
| Worker IAM Profile | Permissions for S3, CloudWatch, SSM |
Next Steps
Once you have all prerequisites in place:
- Create Deployment - The wizard guides you through IAM role setup, network configuration, and launching workers