Fully-Managed Kafka, Air-Gapped Within Your VPC
AutoMQ BYOC runs entirely in your cloud account, ensuring complete data sovereignty and security isolation.
Everything Runs in Your VPC
Control plane, data plane, all components live in your cloud account. There is no inbound or outbound traffic to external vendor services.
Air-Gapped Network Isolation
The deployment requires no VPC peering, PrivateLink, or cross-account traffic. Your service cluster is fully isolated without complex security group configurations.
Data Never Leaves Your VPC
All event streams, state, and metadata are confined to your VPC. We provide management without data access.
The Secret to Managed Services in Air-Gapped Networks
How AutoMQ achieves full management capabilities without accessing your data
Isolated Data Storage
Diagnostic data like logs and metrics are stored separately from partition data in dedicated S3 buckets from day one, ensuring clean operational separation.
Diagnostic Data Sharing
By securely sharing diagnostic buckets with AutoMQ, we enable 24/7 fully-managed oversight, detecting anomalies within minutes.
Proactive Health Monitoring
Our global SRE center performs continuous inspection of your deployment, shifting diagnostics left to prevent issues before they occur.
Automated Self-Healing
With 48 built-in remediation rules driven by real-time metrics, AutoMQ predicts risks, isolates faults, and maintains service stability autonomously.
AutoMQ's BYOC vs Traditional BYOC
See how AutoMQ's modern BYOC architecture compares to traditional BYOC solutions
Traditional BYOC | AutoMQ's BYOC | |
|---|---|---|
Network Connections VPC connectivity requirements | Requires persistent inbound or outbound network connections to vendor services. | Maintains zero network connections between your VPC and AutoMQ. |
Deployment Complexity Setup and maintenance overhead | Demands complex VPC peering or PrivateLink setup, incurring high maintenance overhead. | Delivers true non‑invasive deployment—no peering, PrivateLink, or complex security groups. |
Auditability Vendor access transparency | Offers limited auditability for vendor diagnostics within your VPC. | Shares diagnostics via cross‑account S3 buckets with full, verifiable audit history. |
Access Permissions Security risk exposure | Often grants the vendor root access, introducing significant risk. | Enforces read‑only, scope‑limited permissions, eliminating risks from root access. |
True Air-Gapped Architecture
AutoMQ's innovative architecture separates control plane and data plane, ensuring your data never leaves your VPC. Unlike traditional BYOC solutions that require VPC peering and cross-account access, AutoMQ manages your infrastructure through metadata only, giving you complete data sovereignty and security.
Use AutoMQ BYOC like a SaaS
From PoC to full‑scale deployment, it's as simple as using a SaaS—without the traditional software procurement overhead.
Consistent Multi‑Cloud Experience
Operates seamlessly across AWS, GCP, Azure, and OCI—delivering the same capabilities and interface on any S3‑compatible cloud.
One‑Click via Cloud Marketplace
Subscribe and pay through your cloud provider’s marketplace, with usage billed directly to your existing cloud account.
Truly Pay‑As‑You‑Go
Only pay for what you stream—no capacity planning required. Usage‑based discounts apply automatically as you scale.
Learn more about pricingPrivate SaaS‑Like Experience
Provision and manage Kafka clusters like a VM—go from zero to production in minutes via UI or automate with Terraform.
Multi-Cloud Experience
Deploy seamlessly across AWS, Azure, GCP
One-Click Subscription
Launch production-ready clusters in minutes
Pay-As-You-Go
Only pay for what you stream
The Diskless Advantage
Traditional Kafka was designed for the era of local disks. AutoMQ was re-architected from day one for cloud object storage. This isn't just about eliminating problems—it's about redefining what cloud-native Kafka should be.
Apache Kafka® | AutoMQ BYOC | |
|---|---|---|
Cloud-Native Storage Architecture S3 as the single source of truth, no local disk management | ||
No EBS Volume Dependencies Eliminate EBS provisioning, scaling, and monitoring overhead | ||
Intelligent Traffic Orchestration Automatic partition and broker load balancing without manual rebalancing | ||
Balanced Performance Architecturally eliminate hot spots and disk bottlenecks | ||
Elastic Resource Utilization Pay only for what you use, no capacity reservation for peak loads | ||
Simplified Network Architecture No VPC peering, PrivateLink, NAT gateways, or complex networking setup required | ||
Automated Scaling Operations Built-in auto-scaling without custom scripts, tools, or operators | ||
Elastic Workload Isolation Stream-based architecture enables fine-grained resource isolation | ||
Native Integration Capabilities Built-in data pipelines without deploying separate connector infrastructure |
Currently in production at:
Enterprise Ready Features
AutoMQ BYOC is enterprise-ready with fine-grained RBAC, SSO integration and Terraform support for Infrastructure-as-Code compliance. AutoMQ BYOC also supports Kafka Admin APIs, CLI tools, and third-party management platforms—ensuring secure, auditable, and vendor-agnostic operations within your cloud environment.
Powering Your Kafka Ecosystem
Go beyond basic Kafka with enterprise‑grade solutions for seamless migration, managed connectors, multi‑cluster resilience, and lakehouse integration—all in one unified platform.
Table Topic
Natively integrates Iceberg/Delta Lake table formats to auto-convert Kafka topics into query-ready tables without ETL pipelines.
Managed Connector
300+ connectors with 100% compatibility with Kafka upstream and downstream ecosystem.
Kafka Linking
Zero-downtime migration from any Kafka. Byte-for-byte replication. Rolling cutover. Done.
Multi-Cluster DR
Unified access point for multiple clusters with transparent topic cluster switching through proxy metadata routing for disaster recovery capabilities.
BYOC or Software? Choose Your Experience
Both models guarantee 100% sovereignty by keeping your Data, Metadata (KRaft), and Control Plane entirely within your own VPC.
AutoMQ BYOC
The "Turnkey" Solution
Fully automated orchestration for teams that want a managed service experience.
One-Click Cluster Management
Deploy and manage the entire lifecycle via the AutoMQ Cloud Console. No manual provisioning of brokers or infrastructure.
Fully Automated Operations
Enjoy "Set-it-and-Forget-it" Kafka. AutoMQ handles automated scaling, rebalancing, and version patching within your VPC.
Ultimate Privacy (Triple-Plane Isolation)
The Control Plane, Data, and KRaft Metadata all stay inside your VPC. You get SaaS-level automation without ever opening your network to external third parties.
Flexible Cloud Billing
Pay-as-you-go pricing integrated directly with Cloud Marketplace subscriptions (AWS, GCP, Azure, OCI).
AutoMQ Software
The "Integrated" Solution
Leverage your existing DevOps assets and Kubernetes ecosystem.
Preserve Existing Tech Stacks
Built for teams using Strimzi, Helm Charts, or custom K8s Operators. Drop AutoMQ into your existing Kafka deployment workflow without changing a line of code.
Total Architectural Control
Perfect for power users who want to manage their own maintenance windows, resource scheduling, and infrastructure tuning.
Same "Zero-Leak" Security
Just like BYOC, your Data, KRaft Metadata, and Control Plane remain 100% within your security perimeter (Public Cloud or Private IDC).
Flexible Enterprise Billing
Supports Pay-as-you-go + Marketplace (plus a dedicated Support Fee) or Custom Contract options for large-scale enterprise needs.
| Feature | BYOC | Software |
|---|---|---|
| Data, Metadata & Control Plane | Inside Your Cloud VPC | Your EnvironmentVPC or On-Prem |
| Deployment Method | AutomatedOne-Click via Console | Self-ManagedStrimzi, Helm, or Manual |
| Billing Mode | Pay-as-you-go / Marketplace | Pay-as-you-go or Contract |
| Additional Fees | Zero | Support Fee |
Why 80% of our public cloud customers choose BYOC:
Because the Data, Metadata, and Control Plane are already isolated in your VPC, BYOC offers the same security as Software but removes the operational burden of managing Strimzi or Helm. It's the fastest path to a production-ready, diskless Kafka.