FAQ for Confluent Cloud

This topic provides answers to general Confluent Cloud questions.

How do I sign up for Confluent Cloud?

Sign up at https://confluent.cloud. See Free Trial for Confluent Cloud for details on the temporary free trial that Confluent Cloud offers.

What cloud providers and regions are supported?

Following is a list of the cloud providers and the region and zones supported by Confluent Cloud.


If you don’t see your region listed, contact Confluent. Additional regions can be supported by request.

Amazon Web Services (AWS) regions

Following is a list of regions supported for AWS grouped by geographic region.

  • Africa:
    • af-south-1 (Cape Town)
  • Asia Pacific:
    • ap-east-1 (AWS Hong Kong)
    • ap-northeast-1 (Tokyo)
    • ap-northeast-2 (Seoul)
    • ap-northeast-3 (Osaka)
    • ap-south-1 (Mumbai)
    • ap-southeast-1 (Singapore)
    • ap-southeast-2 (Sydney)
    • ap-southeast-3 (Jakarta)
  • Canada:
    • ca-central-1 (Canada Central)
  • Europe:
    • eu-central-1 (Frankfurt)
    • eu-north-1 (Stockholm)
    • eu-south-1 (Milan)
    • eu-west-1 (Ireland)
    • eu-west-2 (London)
    • eu-west-3 (Paris)
  • Middle East:
    • me-south-1 (Bahrain)
  • South America:
    • sa-east-1 (São Paulo)
  • United States:
    • us-east-1 (N. Virginia)
    • us-east-2 (Ohio)
    • us-west-2 (Oregon)

Microsoft Azure (Azure) regions

Following is a list of regions supported for Azure grouped by geographic region.

  • Africa:
    • southafricanorth (Johannesburg)
  • Asia Pacific:
    • australiaeast (New South Wales)
    • centralindia (Pune)
    • eastasia (Hong Kong)
    • japaneast (Japan East)
    • koreacentral (Seoul)
    • southeastasia (Singapore)
  • Canada:
    • canadacentral (Canada)
  • Dubai:
    • uaenorth (Dubai)
  • Europe:
    • francecentral (France)
    • germanywestcentral (Germany West Central)
    • northeurope (Ireland)
    • norwayeast (Oslo)
    • swedencentral (Gävle)
    • switzerlandnorth (Zurich)
    • uksouth (London)
    • westeurope (Netherlands)
  • Qatar:
    • qatarcentral (Doha)
  • South America:
    • brazilsouth (Brazil South)
  • United States:
    • centralus (Iowa)
    • eastus (Virginia)
    • eastus2 (Virginia)
    • southcentralus (South Central US)
    • westus2 (Washington)
    • westus3 (Phoenix)

Google Cloud Platform (GCP) regions

Following is a list of regions supported for GCP grouped by geographic region.

  • Asia:
    • asia-east1 (Taiwan)
    • asia-east2 (Hong Kong)
    • asia-northeast1 (Tokyo)
    • asia-northeast2 (Osaka)
    • asia-northeast3 (Seoul)
    • asia-south1 (Mumbai)
    • asia-south2 (Delhi)
    • asia-southeast1 (Singapore)
    • asia-southeast2 (Jakarta)
  • Australia:
    • australia-southeast1 (Sydney)
    • australia-southeast2 (Melbourne)
  • Europe:
    • europe-central2 (Warsaw)
    • europe-north1 (Finland)
    • europe-west1 (Belgium)
    • europe-west2 (London)
    • europe-west3 (Frankfurt)
    • europe-west4 (Netherlands)
    • europe-west6 (Zurich)
    • europe-west8 (Milan)
  • North America:
    • northamerica-northeast1 (Montreal)
    • northamerica-northeast2 (Toronto)
  • South America:
    • southamerica-east1 (São Paulo)
    • southamerica-west1 (Santiago)
  • United States:
    • us-central1 (Iowa)
    • us-east1 (S. Carolina)
    • us-east4 (N. Virginia)
    • us-west1 (Oregon)
    • us-west2 (Los Angeles)
    • us-west4 (Las Vegas)

How does pricing and billing work for Confluent Cloud?

Confluent Cloud bills are based on the consumption of resources within your cloud organization. For detailed billing information, see Confluent Cloud Billing.

What version of Kafka does Confluent Cloud use?

Confluent Cloud runs the latest version of Confluent Platform, including all released and to-be-released updates. See Confluent Platform and Apache Kafka versions for the Kafka version.

  • After a new version of Kafka is released, there is an expected lag before all Confluent Cloud clusters are updated with the latest.
  • Not all current Confluent Platform features are available in Confluent Cloud.

Since Kafka version, clients and brokers provide backward compatibility so that they can fall back to older request types or throw appropriate errors if functionality is not available. This means that upgrades to Kafka clients do not require corresponding broker upgrades and upgrades to the Kafka version running in Confluent Cloud do not require corresponding version upgrades on the client side. However, it is strongly recommended that you keep all of your clients running on the latest version so that you get the best performance and can use the latest features. For more information, see Confluent Platform and Apache Kafka Compatibility.

What client and protocol versions are supported?

  • Confluent Cloud follows the Confluent Platform client version support policy.
  • Compatible clients must support and implement TLS/SSL encryption and SASL_PLAIN authentication. This is required to connect to Confluent Cloud.
  • All client features since are supported, including exactly-once delivery semantics.

What security, compliance, and privacy features does Confluent Cloud provide?

Confluent’s product offerings are designed to support the needs of enterprise customers for security, compliance, and privacy. For information on compliance and security, see the Trust & Security page page.

See What specific security features does Confluent Cloud offer? for more details about security features.

What specific security features does Confluent Cloud offer?

  • All traffic over the wire requires TLS/SSL encryption and SASL_PLAIN authentication.
  • All data is encrypted at rest on encrypted volumes. Confluent Cloud ensures encryption on customer data stored at rest through the native encryption services offered by our cloud providers.
  • BYOK encryption is supported for data at rest for Dedicated clusters on AWS and Google Cloud.
  • You control the API keys and secrets specific to your cluster which you can revoke or reissue if necessary.
  • All data is stored on secure infrastructure, with access controls that are restricted to Confluent engineers, inside a Confluent controlled VPC.
  • Confluent Cloud Dedicated clusters provide dedicated compute and storage resources.
  • VPC Peering (optional) provides network-level security for customers with Dedicated Clusters in Confluent Cloud.
  • Single sign-on (SSO) using your existing SAML-based identity provider (IdP). Confluent Cloud SSO provides access control for multiple independent software systems.

For more information, see the Confluent Cloud Security Addendum and the Confluent Cloud Security Controls whitepaper.

What version of TLS is supported on Confluent Cloud?

TLS version 1.2 is supported.


Effective March 15, 2020, connections made by using TLS 1.0 and 1.1 are no longer supported. TLS 1.0 and 1.1 are legacy cryptographic protocols that do not support modern cryptographic algorithms. They contain security vulnerabilities that can be exploited by attackers. The Internet Engineering Task Force is planning to officially deprecate both protocols. The majority of encrypted internet traffic is now over TLS 1.2. TLS 1.2 has been the recommended version for IETF protocols since 2008.

Is Kerberos supported on Confluent Cloud?

Kerberos authentication is not supported.

Are Confluent Cloud IP addresses static?

No in most cases. Because the cloud infrastructure that is used by Confluent Cloud does not guarantee static IPs across cluster changes, DNS is used to provide a consistent address. The underlying IPs may be stable for some period of time, but are subject to change at any time, so they should not be relied upon for any use.

You can rely on static IP addresses for clusters in some configurations. See Use Static Egress IP addresses and Static Egress IP Addresses for Confluent Cloud Connectors.

In addition, DNS for each cluster follows a predictable pattern. If your cluster bootstrap URL is pkc-12345.<region>.<cloud>.<tld>, all broker endpoints will be of the format:

b0-pkc-12345.<region>.<cloud>.<tld>, b1-pkc-12345.<region>.<cloud>.<tld>, b2-pkc-12345.<region>.<cloud>.<tld>...

How do I connect Confluent Platform components to Confluent Cloud?

Connection instructions vary by by Confluent Platform component.

See Connect Confluent Platform Components to Confluent Cloud for a list of topics.

How do I grant other users access to my cluster?

Confluent provides a variety of ways to manage access to your data. See Manage Accounts and Access for Confluent Cloud for more information.

Can I maintain unlimited retention using log compacted topics with Confluent Cloud?

Yes. You can set retention per topic in Confluent Cloud, including unlimited retention with log compaction. You are only limited by the amount of total storage for your cluster. For more information, see Custom topic settings for all cluster types.

Can I access broker logs?

Kafka broker logs are not available in Confluent Cloud, but there are several tools to help you debug your streaming applications. The Confluent Cloud Metrics provides actionable operational metrics about your Confluent Cloud deployment. The Confluent Cloud Console shows cluster activity and usage relative to your cluster’s capacity. The Cloud Console also includes topic management and consumer lag monitoring. Develop Client Applications on Confluent Cloud details best practices for configuring, monitoring, and debugging Kafka clients.

Are there topic or partition limits?

Yes, these are described in Confluent Cloud Features and Limits by Cluster Type. If you try to create more partitions than you are allowed, you will see this error:

"You may not create more than the maximum number of partitions"

Can I switch between Confluent Cloud cluster types?

You can upgrade a Basic cluster to single-zone Standard cluster. No other changes to cluster type (including downgrading a Standard cluster to Basic) are supported. For more information on cluster types, see Confluent Cloud Features and Limits by Cluster Type.

Can deleted Confluent Cloud components be restored?

No. When you delete components from your Confluent Cloud account, they are permanently deleted and cannot be restored.

How do I change support plans?

You can manage your support plan by clicking the help icon in the upper-right corner of the Confluent Cloud window. From the menu that appears, click Support Plans.


The Support Plans page shows which plan you have currently. You can also choose a different plan from this page by clicking Select in the description of the plan. The next window that opens shows the pricing details for that plan and asks you to confirm your support plan upgrade. Click Confirm upgrade to upgrade, or click Close to cancel. See Confluent Cloud Support for more information.


Downgrade restrictions apply to support plan purchases. Your current support level will stay in effect until the end of the current calendar month. However, if you downgrade within the month of purchase, your current support plan level is maintained until the end of the next full calendar month.

Why do I see the same bootstrap server for different clusters?

In the Confluent Cloud Console, you may see the same bootstrap server for different clusters. This is working as designed; it occurs because Confluent Cloud clusters are multi-tenant.