Restrict Access to Confluent Cloud¶
User accounts in Confluent Cloud have superuser admin privileges by default. To provide restricted access to your cluster you can distribute API keys using the Kafka command-line tools.
- Prerequisite
- Confluent Platform is installed on the same local machine as the Confluent Cloud CLI.
Create a properties file with the following contents, including and API key (
api-key
) and secret (<api-secret>
) pair, and bootstrap servers (<broker-endpoint1>
) and save ascloud-access.properties
. A superuser can provide an API key/secret pair.bootstrap.servers=<broker-endpoint1, broker-endpoint2, broker-endpoint3> request.timeout.ms=20000 retry.backoff.ms=500 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required password="<api-secret>" \ username="<api-key>"; sasl.mechanism=PLAIN security.protocol=SASL_SSL ssl.endpoint.identification.algorithm=https
Run your
kafka-
tools with thecloud-access.properties
specified. For example:kafka-topics
kafka-topics --create --bootstrap-server <broker-endpoint> --replication-factor 3 \ --partitions 1 --topic my-topic --command-config cloud-access.properties
kafka-console-producer
kafka-console-producer --topic my-topic --producer.config cloud-access.properties \ --broker-list <broker-endpoint>
kafka-console-consumer
kafka-console-consumer --topic my-topic --consumer.config cloud-access.properties \ --bootstrap-server <broker-endpoint> --from-beginning