Egress Private Service Connect Endpoint Setup: Neo4j on Google Cloud for Confluent Cloud

This topic presents the steps for configuring the Neo4j Sink connector in Confluent Cloud using Egress Private Service Connect on Google Cloud.

Prerequisites

The following are the prerequisites for configuring the Neo4j Sink connector with an Egress Private Service Connect:

• In Confluent Cloud, one of the following cluster types is set up with the specified network resource:

  • A Dedicated cluster with a Confluent Cloud network.

    For the steps to create a Confluent Cloud network, see Create a Confluent Cloud network. The Connection type of the network needs to be “PrivateLink Access”.

  • A Enterprise cluster with a network gateway.

    For the steps to create a gateway, see Create a gateway for outbound connectivity in Confluent Cloud.

• Neo4j Aura DB running in the Google Cloud.

• Confluent Cloud network (Dedicated) setup running within the same region and cloud as the Neo4j Aura DB.

Step 1. Obtain GCP project ID from Confluent Cloud

1. In the Confluent Cloud Console, go to Environment → Network, and select the associated Private Service Connect network you want to use.

2. In Network overview, make a note of Confluent Cloud GCP Project ID associated with the Private Service Connect Endpoint. This will be required for adding a Private Service Connect Endpoint in the Neo4j Aura console.

   

Step 2. Add Private Endpoint in Neo4j Aura

In the Neo4j Aura console, create a private endpoint for your Dedicated or Enterprise Neo4j Aura DB:

1. Select a project to add a Private Service Connect Endpoint.

2. In the Security & Networking section, go to Settings → Private Endpoints.

3. Click New network access configuration.

   

4. Select the instance type and GCP region (ensure this matches your Confluent cluster region).

5. In Target GCP Project ID’s field, enter Confluent Cloud GCP Project ID you retrieved in Step 1. Obtain GCP project ID from Confluent Cloud. Click Enable Private Service Connect to add the Private Service Connect Endpoint.

   

6. Make a note of the Service Attachment URL which will be required for creating a Confluent Cloud Private Service Connect Endpoint.

   

7. You can close the workflow for now. You will complete the rest of the configuration after you create a VPC endpoint ID in Confluent Cloud.

Step 3. Create an Egress Private Service Connect Endpoint in Confluent Cloud

Dedicated cluster

1. In the Network management page or tab of the desired Confluent Cloud environment, click the Confluent Cloud network you want to add the Private Service Connect Endpoint to. The Connection Type of the network should be “PrivateLink Access”.

2. Click Create endpoint in the Egress connections tab.

3. Click the service you want to connect to, specifically, Neo4j. Select Other if you do not see the specific service.

4. Follow the guided steps to specify the field values, including:

   • Service: Name of the service connecting to. For example, Neo4j.

   • Endpoint name: Name of the Private Service Connect Endpoint.

   • Private Service Connect Endpoint Target: Enter the Google Cloud Service Attachment URI you retrieved in Step 2. Add Private Endpoint in Neo4j Aura.

5. Click Create endpoint to create the Private Service Connect Endpoint.

6. Make a note of the GCP Project ID which will be required to configure Confluent’s endpoint in Step 4. Configure the Confluent endpoint in Neo4j Aura..

   

7. If there are additional steps for the specific target service, follow the prompt to complete the tasks, and then click Finish.

Enterprise cluster

1. In the Network management page or tab of the desired Confluent Cloud environment, click the For serverless products tab.

2. Click the gateway to which you want to add the Private Service Connect Endpoint.

3. In the Access points tab, click Add access point.

4. Click the service you want to connect to, specifically, Neo4j. Select Other if you do not see the specific service.

   Specific services are listed based on the cloud provider for the gateway.

5. Follow the guided steps to specify the field values, including:

   • Access point name: Name of the Private Service Connect Endpoint.

   • Create an endpoint with high availability: Check the box if you wish to deploy an endpoint with High Availability.

     Endpoints deployed with high availability have network interfaces deployed in multiple availability zones.

   • PrivateLink service name: Enter the Google Cloud Service Attachment URI you retrieved in Step 2. Add Private Endpoint in Neo4j Aura.

6. Click Create access point to create the Private Service Connect Endpoint.

7. Make a note of the GCP Project ID which will be required to configure Confluent’s endpoint in Step 4. Configure the Confluent endpoint in Neo4j Aura.

8. If there are additional steps for the specific target service, follow the prompt to complete the tasks, and click Finish.

Step 4. Configure the Confluent endpoint in Neo4j Aura

In the Neo4j Aura console, edit the previously created Neo4j network access configuration.

1. Click + Add project ID and enter the GCP Project ID you retrieved in Step 3. Create an Egress Private Service Connect Endpoint in Confluent Cloud.

   

2. Click Disable public traffic and save the change. This changes your instance’s connection string to a protected one that the internet cannot access.

   

3. Make a note of the Private Endpoint DNS (for example, production-orch-1151.neo4j.io) which will be required for creating a DNS record in the next step.

Step 5. Create a DNS record

Dedicated cluster

1. When the Private Service Connect Endpoint status transitions to “Ready”, in the DNS tab, click Create record on the associated Service Connect Endpoint.

   

2. Specify the following, and click Save.

   • Access point: Select the Private Service Connect Endpoint you created above in Step 3. Create an Egress Private Service Connect Endpoint in Confluent Cloud.

   • Domain: Enter the domain name you created above in Step 4. Configure the Confluent endpoint in Neo4j Aura.

Enterprise cluster

1. In the Network Management tab of your environment, click the For serverless products tab, and click the Confluent Cloud gateway you want to add the DNS record to.

2. In the DNS tab, click Create DNS record.

3. Specify the following field values:

   • Access point: Select the Private Service Connect Endpoint you created above in Step 3. Create an Egress Private Service Connect Endpoint in Confluent Cloud.

   • Domain: Enter the domain name you created above in Step 4. Configure the Confluent endpoint in Neo4j Aura.

4. Click Save.

Step 6. Create the Neo4j Sink connector

1. Specify the authentication details for Neo4j.

   For the Neo4j URI, the DNS name you fetched in Step 4. Configure the Confluent endpoint in Neo4j Aura, prepending it with the required prefix, neo4j+s://<dbid>.

   

2. Follow the steps to create the sink connector in Confluent Cloud.