FAQ for Confluent Cloud

This topic provides answers to general Confluent Cloud questions.

How do I sign up for Confluent Cloud?

Sign up at https://confluent.cloud. See Deploy Free Clusters on Confluent Cloud for details on the temporary free trial that Confluent Cloud offers.

What cloud providers and regions are supported?

Following is a list of the cloud providers and the region and zones supported by Confluent Cloud.

Tip

If you don’t see your region listed, contact Confluent. Additional regions can be supported by request.

Amazon Web Services (AWS) regions

Following is a list of regions supported for AWS grouped by geographic region.

• Africa:
  • af-south-1 (Cape Town) ^*
• Asia Pacific:
  • ap-east-1 (Hong Kong) ^*
  • ap-northeast-1 (Tokyo) ^*
  • ap-northeast-2 (Seoul) ^*
  • ap-northeast-3 (Osaka)
  • ap-south-1 (Mumbai) ^*
  • ap-south-2 (Hyderabad) ^*
  • ap-southeast-1 (Singapore) ^*
  • ap-southeast-2 (Sydney) ^*
  • ap-southeast-3 (Jakarta)
  • ap-southeast-4 (Melbourne)
• Canada:
  • ca-central-1 (Canada Central) ^*
  • ca-west-1 (Calgary)
• Europe:
  • eu-central-1 (Frankfurt) ^*
  • eu-central-2 (Zurich) ^*
  • eu-north-1 (Stockholm) ^*
  • eu-south-1 (Milan) ^*
  • eu-south-2 (Spain) ^*
  • eu-west-1 (Ireland) ^*
  • eu-west-2 (London) ^*
  • eu-west-3 (Paris)
• Middle East:
  • me-south-1 (Bahrain)
  • me-central-1 (UAE) ^*
• Other:
  • il-central-1 (Tel Aviv)
• South America:
  • sa-east-1 (São Paulo) ^*
• United States:
  • us-east-1 (N. Virginia) ^*
  • us-east-2 (Ohio) ^*
  • us-west-2 (Oregon) ^*

* Regions that host Enterprise Kafka clusters.

Microsoft Azure (Azure) regions

Following is a list of regions supported for Azure grouped by geographic region.

• Africa:
  • southafricanorth (Johannesburg)
• Asia Pacific:
  • australiaeast (New South Wales) ^*
  • centralindia (Pune) ^*
  • eastasia (Hong Kong) ^*
  • japaneast (Japan East)
  • koreacentral (Seoul)
  • southeastasia (Singapore) ^*
• Canada:
  • canadacentral (Canada) ^*
• Dubai:
  • uaenorth (Dubai) ^*
• Europe:
  • francecentral (France)
  • germanywestcentral (Germany West Central) ^*
  • northeurope (Ireland) ^*
  • norwayeast (Oslo) ^*
  • swedencentral (Gävle) ^*
  • switzerlandnorth (Zurich) ^*
  • uksouth (London) ^*
  • westeurope (Netherlands) ^*
  • italynorth (Milan)
  • spaincentral (Spain Central)
• Mexico:
  • mexicocentral (Mexico Central)
• Qatar:
  • qatarcentral (Doha)
• South America:
  • brazilsouth (Brazil South) ^*
• United States:
  • centralus (Iowa) ^*
  • eastus (Virginia) ^*
  • eastus2 (Virginia) ^*
  • southcentralus (Texas) ^*
  • westus2 (Washington) ^*
  • westus3 (Phoenix) ^*

* Regions that host Enterprise Kafka clusters.

Google Cloud regions

Following is a list of regions supported for Google Cloud grouped by geographic region.

• Asia:
  • asia-east1 (Taiwan)
  • asia-east2 (Hong Kong)
  • asia-northeast1 (Tokyo)
  • asia-northeast2 (Osaka)
  • asia-northeast3 (Seoul)
  • asia-south1 (Mumbai)
  • asia-south2 (Delhi)
  • asia-southeast1 (Singapore)
  • asia-southeast2 (Jakarta)
• Australia:
  • australia-southeast1 (Sydney)
  • australia-southeast2 (Melbourne)
• Europe:
  • europe-central2 (Warsaw)
  • europe-north1 (Finland)
  • europe-southwest1 (Madrid)
  • europe-west1 (Belgium)
  • europe-west2 (London)
  • europe-west3 (Frankfurt)
  • europe-west4 (Netherlands)
  • europe-west6 (Zurich)
  • europe-west8 (Milan)
  • europe-west9 (Paris)
  • europe-west12 (Turin)
• Middle East:
  • me-west1 (Tel Aviv)
  • me-central1 (Doha)
  • me-central2 (Dammam)
• North America:
  • northamerica-northeast1 (Montreal)
  • northamerica-northeast2 (Toronto)
• South America:
  • southamerica-east1 (São Paulo)
  • southamerica-west1 (Santiago)
• United States:
  • us-central1 (Iowa)
  • us-east1 (S. Carolina)
  • us-east4 (N. Virginia)
  • us-west1 (Oregon)
  • us-west2 (Los Angeles)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)
  • us-south1 (Dallas)

How does pricing and billing work for Confluent Cloud?

Confluent Cloud bills are based on the consumption of resources within your cloud organization. For detailed billing information, see Manage Billing in Confluent Cloud.

What version of Kafka does Confluent Cloud use?

Confluent Cloud runs the latest version of Confluent Platform, including all released and to-be-released updates. See Confluent Platform and Apache Kafka versions for the Kafka version.

• After a new version of Kafka is released, there is an expected lag before all Confluent Cloud clusters are updated with the latest.
• Not all current Confluent Platform features are available in Confluent Cloud.

Since Kafka version 0.10.0.0, clients and brokers provide backward compatibility so that they can fall back to older request types or throw appropriate errors if functionality is not available. This means that upgrades to Kafka clients do not require corresponding broker upgrades and upgrades to the Kafka version running in Confluent Cloud do not require corresponding version upgrades on the client side. However, it is strongly recommended that you keep all of your clients running on the latest version so that you get the best performance and can use the latest features. For more information, see Confluent Platform and Apache Kafka Compatibility.

What client and protocol versions are supported?

• Confluent Cloud follows the Confluent Platform client version support policy.
• To connect to Confluent Cloud, compatible clients must support and implement TLS encryption and SASL_PLAIN or SASL_OAUTHBEARER (with OAuth-OIDC configured) authentication.
• All client features since 0.10.0.0 are supported, including exactly-once delivery semantics.

What security, compliance, and privacy features does Confluent Cloud provide?

Confluent’s product offerings are designed to support the needs of enterprise customers for security, compliance, and privacy. For information on compliance and security, see the Trust & Security page page.

See What specific security features does Confluent Cloud offer? for more details about security features.

What specific security features does Confluent Cloud offer?

• All traffic over the wire requires TLS 1.2 encryption and authentication for SASL_PLAIN or SASL_OAUTHBEARER (with OAuth-OIDC identity provider configured).
• All data is encrypted at rest on encrypted volumes. Confluent Cloud ensures encryption on customer data stored at rest through the native encryption services offered by our cloud providers.
• BYOK encryption is supported for data at rest for Dedicated clusters on AWS, Azure, and Google Cloud.
• You control the API keys and secrets specific to your cluster which you can revoke or reissue if necessary.
• All data is stored on secure infrastructure, with access controls that are restricted to Confluent engineers, inside a Confluent controlled VPC.
• Confluent Cloud Dedicated clusters provide dedicated compute and storage resources.
• VPC Peering (optional) provides network-level security for customers with Dedicated Clusters in Confluent Cloud.
• Single sign-on (SSO) using your existing SAML-based identity provider (IdP). Confluent Cloud SSO provides access control for multiple independent software systems.

For more information, see the Confluent Cloud Security Addendum and the Confluent Cloud Security Controls whitepaper.

What version of TLS is supported on Confluent Cloud?

TLS version 1.2 is supported.

Important

Effective March 15, 2020, connections made by using TLS 1.0 and 1.1 are no longer supported. TLS 1.0 and 1.1 are legacy cryptographic protocols that do not support modern cryptographic algorithms. They contain security vulnerabilities that can be exploited by attackers. The Internet Engineering Task Force is planning to officially deprecate both protocols. The majority of encrypted internet traffic is now over TLS 1.2. TLS 1.2 has been the recommended version for IETF protocols since 2008.

Is Kerberos supported on Confluent Cloud?

Kerberos authentication is not supported.

Are Confluent Cloud IP addresses and hostnames static?

In most cases, no. Because the cloud infrastructure used by Confluent Cloud does not guarantee static IP addresses or hostnames across cluster changes, DNS is used to provide a consistent address. The underlying IP addresses and hostnames might be stable for a period of time, but are subject to change at any time, so they should not be relied upon for any use.

Confluent provides egress public IP addresses that you can use for communicating between Kafka clusters (with public networking) in Confluent Cloud and external data sources and sinks. For more information, see Use Public Egress IP Addresses on Confluent Cloud for Connectors and Cluster Linking and Public IP address for Confluent Cloud connectors.

• Planned changes to the list of public egress ip addresses is considered a Major Upgrade and we will follow the policy outlined in Major Upgrades for Confluent Cloud.
• In the event of an unplanned change, Confluent will send out notifications as soon as possible and that you may be required to take immediate action to update your firewall rules.

In addition, DNS resolution for each Kafka cluster follows a predictable pattern. For example, if your cluster bootstrap URL is pkc-12345.<region>.<cloud>.<tld> and the default broker prefix is used, then all broker endpoints will be of the format:

b0-pkc-12345.<region>.<cloud>.<tld>
b1-pkc-12345.<region>.<cloud>.<tld>
b2-pkc-12345.<region>.<cloud>.<tld>
...

The following blogs describe how the common outbound proxies handle IP address changes:

• DNS for Service Discovery in HAProxy - HAProxy Technologies.
• DNS for Service Discovery with NGINX and NGINX Plus.

How do I connect Confluent Platform components to Confluent Cloud?

Connection instructions vary by by Confluent Platform component.

See Connect Confluent Platform Components to Confluent Cloud for a list of topics.

How do I grant other users access to my cluster?

Confluent provides a variety of ways to manage access to your data. See User account types for more information.

Can I use the same user account for multiple Confluent Cloud organizations?

Yes. For details, see Manage Multiple Organizations on Confluent Cloud.

Can I be auto-notified about failures or incidents?

Yes, you can view and subscribe to the Confluent Cloud status page.

Can I get help troubleshooting failures on my own before I contact support?

Yes, use this support article to troubleshoot connectivity issues with Confluent Cloud.

Can I maintain unlimited retention using log compacted topics with Confluent Cloud?

Yes. You can set retention per topic in Confluent Cloud, including unlimited retention with log compaction. You are only limited by the amount of total storage for your cluster. For more information, see Configuration Reference for Topics in Confluent Cloud.

Can I access broker logs?

Kafka broker logs are not available in Confluent Cloud, but there are several tools to help you debug your streaming applications. The Confluent Cloud Metrics provides actionable operational metrics about your Confluent Cloud deployment. The Confluent Cloud Console shows cluster activity and usage relative to your cluster’s capacity. The Cloud Console also includes topic management and consumer lag monitoring. Build Kafka Client Applications on Confluent Cloud details best practices for configuring, monitoring, and debugging Kafka clients.

Are there topic or partition limits?

Yes, these are described in Kafka Cluster Types in Confluent Cloud. If you try to create more partitions than you are allowed, you will see this error:

"You may not create more than the maximum number of partitions"

Can I switch between Confluent Cloud cluster types?

You can upgrade a Basic cluster to single-zone Standard cluster. No other changes to cluster type (including downgrading a Standard cluster to Basic) are supported. For more information on cluster types, see Kafka Cluster Types in Confluent Cloud.

Can deleted Confluent Cloud components be restored?

No. When you delete components from your Confluent Cloud account, they are permanently deleted and cannot be restored.

How do I change support plans?

You can manage your support plan by clicking the help icon in the upper-right corner of the Confluent Cloud window. From the menu that appears, click Support Plans.

The Support Plans page shows which plan you have currently. You can also choose a different plan from this page by clicking Select in the description of the plan. The next window that opens shows the pricing details for that plan and asks you to confirm your support plan upgrade. Click Confirm upgrade to upgrade, or click Close to cancel. See Confluent Support for Confluent Cloud for more information.

Important

Downgrade restrictions apply to support plan purchases. Your current support level will stay in effect until the end of the current calendar month. However, if you downgrade within the month of purchase, your current support plan level is maintained until the end of the next full calendar month.

What are the recommended JVM settings for Java clients?

There are two recommended JVM settings for Java clients:

JVM Security configuration

java.security.Security.setProperty(“networkaddress.cache.ttl” , “30");
java.security.Security.setProperty(“networkaddress.cache.negative.ttl” , “0");

Kafka Producer and Consumer configuration

consumer.client.dns.lookup="use_all_dns_ips"
producer.client.dns.lookup="use_all_dns_ips"

For more on configuring Java clients, see Configure clients.

Why do I see the same bootstrap server for different clusters?

In the Confluent Cloud Console, you may see the same bootstrap server for different clusters. This is working as designed; it occurs because Confluent Cloud clusters are multi-tenant.

How do I access the Cloud Console?

Access the Cloud Console at the following URL:

https://confluent.cloud

To access the console, you will be required to sign in to your Confluent Cloud account. You can sign up for a free account, if you don’t have an account.

What web browsers does Cloud Console support?

The latest stable versions of the following web browsers are supported by Confluent Cloud Console:

• Apple Safari
• Google Chrome
• Mozilla Firefox

What user session timeouts does Cloud Console require?

Each time you access your Confluent Cloud account in the Cloud Console from a web browser, you will be required to sign in. There are limits on how long you can remained signed in to your account with and without activity. The limits are as follows:

• Idle timeout: If no activity is seen in the Cloud Console browser tab for 30 minutes, you will be logged out.
• Maximum timeout: You can be logged in to Confluent Cloud for a maximum of 8 hours. After 8 hours, you will be logged out and must sign in again. This is enforced regardless of activity.

These are default settings and cannot be configured or changed.

What domains does the Cloud Console require?

The Cloud Console requires access to the following domains to function properly:

• https://confluent.cloud
• https://login.confluent.io
• https://api.confluent.cloud
• Access to static assets, such as fonts and images:
  • https://cloud-static.confluent.io
  • https://fonts.googleapis.com
  • https://fonts.gstatic.com
• Access to Stripe (payment info):
  • https://js.stripe.com
  • https://m.stripe.network
  • https://m.stripe.com
  • https://q.stripe.com
• Access to the Confluent Metrics API:
  • https://api.telemetry.confluent.cloud

The following domains are not required for the Cloud Console to operate properly, but are recommended:

• Sentry, for debugging purposes:
  • https://o114100.ingest.sentry.io
• For access to on-page help:
  • https://cdn.contentful.com

How do I monitor cluster activity with Cloud Console?

You can monitor cluster activity and usage from the Clusters page within each of your environments. To view the page, sign in to Confluent Cloud, choose an environment, and the Clusters page displays.

How do I view cluster details with Cloud Console?

On the navigation menu, choose Cluster Overview > Cluster Settings to access the Cluster settings page. You can view the cloud type, provider, region, and zone availability details, and delete a cluster from the General tab of this page.

Hover on the Cluster ID, Bootstrap server, or REST endpoint properties to access a copy-to-clipboard button for your convenience. Paste these details when you are configuring, running commands, or troubleshooting your cluster.

For more information, see How to work with Kafka clusters.

How do I change a cluster name with Cloud Console?

The General tab of the Cluster settings page also enables you to edit the cluster name.

1. On the Cluster settings page, make sure the General tab is selected, and click the Edit icon.

   

2. Edit the cluster name in Cluster name field and click Save changes.

   

For more information, see How to work with Kafka clusters.

How do I delete a cluster with Cloud Console?

The Cluster settings page enables you to delete a cluster.

1. From the Cluster settings, make sure the General tab is selected, and click Delete cluster.

   

   You are prompted to confirm the deletion.

   

For more information, see How to work with Kafka clusters.

How do I create keys for a cluster with Cloud Console?

To create and delete API keys for cluster resources, navigate to Cluster Overview and choose API keys. Select a key to edit its description. For more information, see Use API Keys to Authenticate to Confluent Cloud.

How do I access notifications with Cloud Console?

Access the Manage notifications page by clicking the Alert bell icon in the upper right of the console. To learn more about notifications, see Notifications for Confluent Cloud.

How do I access Confluent CLI and support from Cloud Console?

See instructions to install and use the Confluent CLI, and access Confluent support and tools from options located at the bottom of the navigation menu.

How do I install the CLI from Cloud Console?

Choose CLI and tools, located at the bottom of the navigation menu. Select the Confluent CLI tab for step-by-step instructions to install and access your Confluent Cloud environment with the Confluent CLI. For more information about how to install and use the Confluent CLI, see Confluent CLI.

How do I access support from Cloud Console?

To access Confluent support, choose Support located at the bottom of the navigation menu. The support plans display, with your current plan indicated. See Confluent Cloud support plans for details about the plans.

How do I access account and billing information?

The Administration menu in the upper right enables you to access account and billing information, and create API access keys for the cloud account.

How do I change my password in Cloud Console?

1. From the Administration menu, click Settings > Reset password.

2. An email will be sent to the email address associated with the account to reset your password.

   

How do I view my organization bill and ID in Cloud Console?

1. From the Administration menu, click Billing & payment. The Billing page shows current accrued charges by selected environment and time period (year and month).

   

2. Click the Payment details & contacts tab to obtain your Cloud Organization ID, edit your billing information, add an address for tax purposes, or claim a Promo Code.

   

For more information, see the billing page.

How do I add users in Cloud Console?

To add a user:

1. From the Administration menu, click Accounts & access, and click +Add user.
2. Enter an email address, select an Access Role, and choose a Scope.
3. Click Review and then Create.

For more information, see Local user: username/password.

How do I collect troubleshooting info about issues in Cloud Console?

If issues occur in Cloud Console, consider generating a HAR file and uploading it to the Confluent Community Slack channel or sending it to the flink preview email address. For more information, see Generate a HAR file for Troubleshooting on Confluent Cloud.

How do I collect metrics for Confluent Cloud resources using Cloud Console?

1. From the Administration menu, select Metrics.

2. From Explore available metrics, select a Metric and a Resource. If there is data available for the metric you selected, the chart displays the data.

   You can select a new time interval to meet your needs.

   To copy a cURL template of the query used to display the selected data, select Copy cURL template. A template of the cURL command is added to your clipboard. Paste the template into a command prompt (Windows) or terminal (Mac, Linux). Edit the template to add an API key and secret to authenticate the request.

For more information, see Confluent Cloud Metrics.

Can I create a custom DNS name for Confluent Cloud bootstrap endpoints?

You must use the original cluster bootstrap endpoint name. If you change the bootstrap name by creating a DNS record, TLS hostname validation fails. Confluent Cloud does not support custom DNS names. Custom DNS names are domain names that you configure to point to your Confluent Cloud cluster.

Which Kafka clusters are multi-tenant?

Only Dedicated Kafka clusters are single-tenant. All other Confluent Cloud Kafka clusters are multi-tenant.

How does the Confluent Cloud free trial work?

When you sign up for Confluent Cloud, your organization receives free credit worth $400 USD. This credit is automatically added to your billing account. However, to create any resources in Confluent Cloud, you must add a payment method. Your payment method isn’t charged until your free trial ends. The free trial ends after 30 days or once you have used the $400 in credits, whichever happens first. For more information, see Deploy Free Clusters on Confluent Cloud.

Why do I have to add a payment method during the free trial?

A payment method is required to create any resources in Confluent Cloud. However, your payment method isn’t charged until your free trial ends. During the trial, you receive free credits worth $400 USD to evaluate the product.

Will you charge my payment method during the free trial?

No, your payment method is not charged until your free trial is over.

Can I pause the free trial?

No, you cannot pause the free trial. However, you can request an extension of the trial by contacting our Sales team.

What can I do if my company won’t allow me to add a payment method?

If you’re unable to add a payment method, please contact our Sales team and explain your use case. For example, some companies do not allow you to add a payment method. If this or something similar is the case, our Sales team can assist you with your request.

How can I remove my payment method before the trial ends?

You cannot remove your payment method before the trial ends. However, you can manage your payment method by following the steps in Manage your payment method.

How can I delete my account?

When you delete your Confluent Cloud organization, you permanently remove all data and resources associated with it. To delete your local Confluent Cloud account, follow the steps in Delete an organization.

What are some alternative payment methods available other than credit card?

If you prefer not to use a credit card, you have alternative payment options:

1. Cloud Marketplace Billing: You can connect your Confluent Cloud account to a cloud marketplace for billing. This allows you to manage your payments directly through your cloud provider. Follow the relevant guide below to set up billing or sign up through your preferred marketplace:

   • AWS: Confluent Cloud AWS Pay-As-You-Go Guide
   • GCP: Confluent Cloud GCP Pay-As-You-Go Guide
   • Azure: Confluent Cloud Azure Pay-As-You-Go Guide

   These guides walk you through the process of linking your Confluent Cloud account to your chosen cloud provider’s marketplace.

2. ACH Payments: Confluent Cloud supports ACH payments as an alternative payment method. To pay with an ACH payment method, follow the steps in Manage your payment method.

   Once set up, your account will be billed through ACH, and payments will be withdrawn automatically from your connected bank account.

How can I provide feedback for Confluent documentation?

To provide feedback on the Confluent documentation, click the Give us feedback button located near the footer of each page.