Egress Access Point Setup: S3 on AWS for Confluent Cloud¶
This topic presents the steps for configuring the Amazon S3 Sink connector in Confluent Cloud with AWS PrivateLink and Egress Access Point.
Prerequisites¶
The following is a list of prerequisites for configuring the Amazon S3 Sink connector with an Egress Access Point:
- A Confluent Cloud Dedicated cluster was set up and is running within an AWS PrivateLink network.
- A source topic was created to sink data into the S3 bucket.
- S3 bucket was set up and running within the same region and cloud as the Confluent Cloud cluster.
Note
For additional security, you can add a S3 bucket policy to restrict access to only Confluent’s VPC Endpoint ID associated with the Egress Access Point. For details, see Restricting access to a specific VPC endpoint.
Step 1. Create an Egress Access Point¶
In the Confluent Cloud Console, go to Environment → Network, and select the associated Privatelink network you want to use.
In the Egress Access Points tab, click Create access point.
Specify the following, and click Save.
- Name: The name for the Access point
- PrivateLink service name: Your S3 service name (
com.amazonaws.<region>.s3) - Create an access point with high availability: Select for high availability setup.
Retrieve the VPC endpoint DNS name.
- Wait for the Access Point is successfully provisioned when the status changes to “Ready”.
- Note down the VPC endpoint DNS name to be used for S3 connector setup.
Step 2. Create the S3 Sink connector¶
Specify the authentication details for S3.
Store URL: Replace
*withbucketin the VPC endpoint DNS name that you retrieved when you created the Egress Access Endpoint in the previous step, and specify that value.For example, if the VPC endpoint DNS name is
*.vpce-02ab7be7f6f5cc718-cgz9wshg.s3.us-east-2.vpce.amazonaws.com, specifyhttps://bucket.vpce-02ab7be7f6f5cc718-cgz9wshg.s3.us-east-2.vpce.amazonaws.com.
Follow the steps to create the source connector or the sink connector in Confluent Cloud.