Amazon S3 Sink Connector for Confluent Cloud

Note

If you are installing the connector locally for Confluent Platform, see Amazon S3 Sink Connector for Confluent Platform.

You can use the Connect Amazon S3 Sink connector for Confluent Cloud to export Avro, JSON Schema, Protobuf, JSON (schemaless), or Bytes data from Apache Kafka® topics to S3 objects in Avro, Parquet, JSON, or Bytes format. Depending on your environment, the S3 connector can export data by guaranteeing exactly-once delivery semantics to consumers of the S3 objects it produces.

Note

Parquet output format is available for dedicated clusters only.

The Amazon S3 Sink connector periodically polls data from Kafka and in turn uploads it to S3. A partitioner is used to split the data of every Kafka partition into chunks. Each chunk of data is represented as an S3 object. The key name encodes the topic, the Kafka partition, and the start offset of this data chunk. If no partitioner is specified in the configuration, the default partitioner which preserves Kafka partitioning is used. The size of each data chunk is determined by the number of records written to S3 and by schema compatibility.

Features

The Amazon S3 Sink connector provides the following features:

  • Exactly Once Delivery: Records that are exported using a deterministic partitioner are delivered with exactly-once semantics regardless of the eventual consistency of S3.

  • Data Format with or without a Schema: The connector supports input data from Kafka topics in Avro, JSON Schema, Protobuf, JSON (schemaless), or Bytes format and exports data to Amazon S3 in Avro, Parquet, JSON, or Bytes format. Parquet output format is available for dedicated clusters only. Schema Registry must be enabled to use a Schema Registry-based format (for example, Avro, JSON_SR (JSON Schema), or Protobuf).

  • Schema Evolution: schema.compatibility is set to NONE.

  • Partitioner: The connector supports the TimeBasedPartitioner class based on the Kafka class TimeStamp. Time-based partitioning options are daily or hourly.

  • Scheduled Rotation and Rotation Interval: The connector supports a regularly scheduled interval for closing and uploading files to storage. See Scheduled Rotation for details.

  • Flush size: flush.size defaults to 1000. The default value can be increased if needed. The default value can be lowered if you are running a Dedicated Confluent Cloud cluster.

    The following scenarios describe a couple of ways records may be flushed to storage:

    • You use the default setting of 1000 and your topic has six partitions. Files start to be created in storage after more than 1000 records exist in each partition.

    • You use the default setting of 1000 and the partitioner is set to Hourly. 500 records arrive at one partition from 2:00pm to 3:00pm. At 3:00pm, an additional 5 records arrive at the partition. You will see 500 records in storage at 3:00pm.

      Note

      The properties rotate.schedule.interval.ms and rotate.interval.ms can be used with flush.size to determine when files are created in storage. These parameters kick in and files are stored based on which condition is met first.

      For example: You have one topic partition. You set flush.size=1000 and rotate.schedule.interval.ms=600000 (10 minutes). 500 records arrive at the topic partition from 12:01 to 12:10. 500 additional records arrive from 12:11 to 12:20. You will see two files in the storage bucket with 500 records in each file. This is because the 10 minute rotate.schedule.interval.ms condition tripped before the flush.size=1000 condition was met.

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Connect section.

Refer to Confluent Cloud connector limitations for additional information.

IAM Policy for S3

The AWS user account accessing the S3 bucket must have the following permissions:

  • ListAllMyBuckets
  • ListBucket
  • GetBucketLocation
  • PutObject
  • GetObject
  • AbortMultipartUpload
  • ListMultipartUpload
  • ListMultipartUploadParts
  • ListBucketMultipartUploads

Copy the following JSON to create the IAM policy for the user account. Change <bucket-name> to a real bucket name. For more information, see Create and attach a policy to an IAM user.

Note

This is the IAM policy for the user account and not a bucket policy.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListAllMyBuckets"
         ],
         "Resource":"arn:aws:s3:::*"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":"arn:aws:s3:::<bucket-name>"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:PutObject",
            "s3:GetObject",
            "s3:AbortMultipartUpload",
            "s3:ListMultipartUpload",
            "s3:ListMultipartUploadParts",
            "s3:ListBucketMultipartUploads"

         ],
         "Resource":"arn:aws:s3:::<bucket-name>/*"
      }
   ]
}

Quick Start

Use this quick start to get up and running with the Confluent Cloud S3 Sink connector. The quick start provides the basics of selecting the connector and configuring it to stream events to an S3 bucket.

Prerequisites
  • Kafka cluster credentials. You can use one of the following ways to get credentials:
    • Create a Confluent Cloud API key and secret. To create a key and secret, you can use the Confluent Cloud CLI or you can autogenerate the API key and secret directly in the Cloud Console when setting up the connector.
    • Create a Confluent Cloud service account for the connector. Make sure to review the ACL entries required in the service account documentation. Some connectors have specific ACL requirements.
  • (Optional) Confluent Cloud Schema Registry enabled for your cluster, if you are using a messaging schema (like Apache Avro). See Working with schemas.

Caution

You can’t mix schema and schemaless records in storage using kafka-connect-storage-common. Attempting this causes a runtime exception. If you are using the self-managed version of this connector, this issue will be evident when you review the log files (only available for the self-managed connector).

Using the Confluent Cloud Console

Step 1: Launch your Confluent Cloud cluster.

See the Quick Start for Apache Kafka using Confluent Cloud for installation instructions.

Step 2: Add a connector.

In the left navigation menu, click Data integration, and then click Connectors. If you already have connectors in your cluster, click + Add connector.

Step 3: Select your connector.

Click the Amazon S3 Sink connector icon.

Amazon S3 Sink connector icon

Step 4: Enter the connector details.

Note

  • Ensure you have all your prerequisites completed.
  • An asterisk ( * ) designates a required entry.

At the Add Amazon S3 Sink connector screen, complete the following:

If you’ve already populated your Kafka topics, select the topic(s) you want to connect from the Topics list.

To create a new topic, click +Add new topic.

Step 5. Check the S3 bucket.

  1. Check the S3 Bucket by going to the AWS Management Console and select Storage > S3.

  2. Open your S3 bucket.

  3. Open your topic folder and each subsequent folder until you see your messages displayed.

    ../_images/ccloud-aws-s3-details.png

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Connect section.

Tip

When you launch a connector, a Dead Letter Queue topic is automatically created. See Dead Letter Queue for details.

For additional information about the S3 connector see Amazon S3 Sink Connector for Confluent Platform. Note that not all Confluent Platform S3 connector features are provided in the Confluent Cloud S3 connector.

See also

For an example that shows fully-managed Confluent Cloud connectors in action with Confluent Cloud ksqlDB, see the Cloud ETL Demo. This example also shows how to use Confluent Cloud CLI to manage your resources in Confluent Cloud.

../_images/topology.png

Using the Confluent Cloud CLI

Complete the following steps to set up and run the connector using the Confluent Cloud CLI.

Note

Make sure you have all your prerequisites completed.

Step 1: List the available connectors.

Enter the following command to list available connectors:

ccloud connector-catalog list

Step 2: Show the required connector configuration properties.

Enter the following command to show the required connector properties:

ccloud connector-catalog describe <connector-catalog-name>

For example:

ccloud connector-catalog describe S3_SINK

Example output:

Following are the required configs:
connector.class: S3_SINK
name
kafka.api.key
kafka.api.secret
aws.access.key.id
aws.secret.access.key
input.data.format
output.data.format
compression.codec
s3.compression.level
s3.bucket.name
time.interval
tasks.max
topics

Step 3: Create the connector configuration file.

Create a JSON file that contains the connector configuration properties. The following example shows the required connector properties.

{
   "name" : "confluent-s3-sink",
   "connector.class": "S3_SINK",
   "kafka.api.key": "<my-kafka-api-key>",
   "kafka.api.secret" : "<my-kafka-api-secret>",
   "aws.access.key.id" : "<my-aws-access-key>",
   "aws.secret.access.key": "<my-aws-access-key-secret>",
   "input.data.format": "JSON",
   "output.data.format": "JSON",
   "compression.codec": "JSON - gzip",
   "s3.compression.level": "6",
   "s3.bucket.name": "<my-bucket-name>",
   "time.interval" : "HOURLY",
   "flush.size": "1000",
   "tasks.max" : "1"
   "topics": "<topic-1>, <topic-2>",
}

Note the following required property definitions:

  • "name": Sets a name for your new connector.

  • "connector.class": Identifies the connector plugin name.

  • "input.data.format": Sets the input message format (data coming from the Kafka topic). Valid entries are AVRO, JSON_SR, PROTOBUF, JSON, or BYTES. You must have Confluent Cloud Schema Registry configured if using a schema-based message format (for example, Avro, JSON_SR (JSON Schema), or Protobuf).

    Note

    The following input-to-output formats are not supported for this connector:

    • Input format JSON to output format AVRO
    • Input format JSON to output format PARQUET
  • "output.data.format": Sets the output message format (data coming from the connector). Valid entries are AVRO, PARQUET, JSON, or BYTES. Parquet output format is available for dedicated clusters only. You must have Confluent Cloud Schema Registry configured if using a schema-based output message format (for example, Avro).

  • "compression.codec": Sets the compression type. Valid entries are AVRO - bzip2, AVRO - deflate, AVRO - snappy, BYTES - gzip, or JSON - gzip. For PARQUET only compression types "PARQUET - none", "PARQUET - gzip", and "PARQUET - snappy" are currently supported.

  • "s3.compression.level": Sets a gzip level. Valid entries are from 1 to 9. Selecting 1 results in high-speed compression and a low compression ratio. Selecting 9 provides the highest compression ratio and a much slower compression speed. The default gzip compression level is 6.

  • "time.interval": Sets how your messages are grouped in the S3 bucket. Valid entries are DAILY or HOURLY.

  • (Optional) flush.size: This value defaults to 1000. The default value can be raised (and lowered, if running a dedicated cluster).

    The following scenarios describe a couple of ways records may be flushed to storage:

    • You use the default setting of 1000 and your topic has six partitions. Files start to be created in storage after more than 1000 records exist in each partition.

    • You use the default setting of 1000 and the partitioner is set to Hourly. 500 records arrive at one partition from 2:00pm to 3:00pm. At 3:00pm, an additional 5 records arrive at the partition. You will see 500 records in storage at 3:00pm.

      Note

      The properties rotate.schedule.interval.ms and rotate.interval.ms can be used with flush.size to determine when files are created in storage. These parameters kick in and files are stored based on which condition is met first.

      For example: You have one topic partition. You set flush.size=1000 and rotate.schedule.interval.ms=600000 (10 minutes). 500 records arrive at the topic partition from 12:01 to 12:10. 500 additional records arrive from 12:11 to 12:20. You will see two files in the storage bucket with 500 records in each file. This is because the 10 minute rotate.schedule.interval.ms condition tripped before the flush.size=1000 condition was met.

  • "tasks.max": Enter the maximum number of tasks for the connector to use.

  • "topics": Enter the topic name or a comma-separated list of topic names.

    Tip

    The time.interval property above and the following optional properties topics.dir and path.format can be used to build a directory structure for data stored in S3. For example: You set "time.interval" : "HOURLY", "topics.dir" : "json_logs/hourly", and "path.format" : "'dt'=YYYY-MM-dd/'hr'=HH". The result in S3 is the directory structure: s3://<s3-bucket-name>/json_logs/hourly/<Topic-Name>/dt=2020-02-06/hr=09/<files>.

The following are optional properties that can be used to organize your data in storage:

  • "topics.dir": A top-level directory path to use for data stored in S3. Defaults to topics if not used.
  • ""path.format": Configures the time-based partitioning path created in S3. The property converts the UNIX timestamp to a date format string. If not used, this property defaults to 'year'=YYYY/'month'=MM/'day'=dd/'hour'=HH if an Hourly time.interval was selected or 'year'=YYYY/'month'=MM/'day'=dd if a Daily Time interval was selected.
  • rotate.schedule.interval.ms and rotate.interval.ms: See Scheduled Rotation for details about using these properties.
  • timestamp.field: The record field used for the timestamp, which is used with the time-base partitioner. If not used, this defaults to the timestamp when the Kafka record was produced or stored by the Kafka broker.
  • "timezone": A valid timezone. For example, you can use EST, PST, WET, or UTC. Defaults to UTC if not used.
  • "locale". The locale to use with the time-based partitioner. Used to format dates and times. For example, you can use en-US for English (USA), en-GB for English (UK), en-IN for English (India), or fr-FR for French (France). Defaults to en. For a list of locale IDs, see Java locales.

Configuration properties that are not listed use the default values. See Amazon S3 Sink connector Configuration Properties for default values and property definitions.

Step 4: Load the properties file and create the connector.

Enter the following command to load the configuration and start the connector:

ccloud connector create --config <file-name>.json

For example:

ccloud connector create --config s3-sink-config.json

Example output:

Created connector confluent-s3-sink lcc-ix4dl

Step 5: Check the connector status.

Enter the following command to check the connector status:

ccloud connector list

Example output:

ID          |       Name        | Status  | Type
+-----------+-------------------+---------+------+
lcc-ix4dl   | confluent-s3-sink | RUNNING | sink

Step 6: Check the S3 bucket.

  1. Go to the AWS Management Console and select Storage > S3.

  2. Open your S3 bucket.

  3. Open your topic folder and each subsequent folder until you see your messages displayed.

    ../_images/ccloud-aws-s3-details.png

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Connect section.

Tip

When you launch a connector, a Dead Letter Queue topic is automatically created. See Dead Letter Queue for details.

For additional information about the S3 connector see Amazon S3 Sink Connector for Confluent Platform. Note that not all Confluent Platform S3 connector features are provided in the Confluent Cloud S3 connector.

Scheduled Rotation

Two optional properties are available that allow you to set up a rotation schedule. These properties are provided in the Cloud Console (shown below) and in the Confluent Cloud CLI.

Rotate Schedule and Rotate Interval
  • rotate.schedule.interval.ms (Scheduled rotation): This property allows you to configure a regular schedule for when files are closed and uploaded to storage. The minimum value is 600000 ms (10 minutes). The default value is -1 (disabled). When this is set for 600000 ms, you will see files available in the storage bucket at least every 10 minutes. rotate.schedule.interval.ms does not require a continuous stream of data.

    Note

    Using the rotate.schedule.interval.ms property results in a non-deterministic environment and invalidates exactly-once guarantees.

  • rotate.interval.ms (Rotation interval): This property allows you to specify the maximum time span (in milliseconds) that a file can remain open for additional records. When using this property, the time span interval for the file starts with the timestamp of the first record added to the file. The connector closes and uploads the file to storage when the timestamp of a subsequent record falls outside the time span set by the first file’s timestamp. The minimum value is 600000 ms (10 minutes). This property defaults to the interval set by the time.interval property. rotate.interval.ms requires a continuous stream of data.

    Important

    The start and end of the time span interval is determined using file timestamps. For this reason, a file could potentially remain open for a long time if a record does not arrive with a timestamp falling outside the time span set by the first file’s timestamp.

Next Steps

See also

For an example that shows fully-managed Confluent Cloud connectors in action with Confluent Cloud ksqlDB, see the Cloud ETL Demo. This example also shows how to use Confluent Cloud CLI to manage your resources in Confluent Cloud.

../_images/topology.png