Confluent Terraform Provider for Confluent Cloud

The Confluent Terraform provider lets you manage Confluent Cloud infrastructure as code. Use it to create and configure resources such as environments, Apache Kafka® clusters, topics, schemas, ACLs, role-based access control (RBAC) roles, networking, and connectors, all from declarative Terraform configuration files.

Get Started for Free

Sign up for a Confluent Cloud trial and get $400 of free credit.

Why use the Confluent Terraform provider

Use the Confluent Terraform provider to manage Confluent Cloud infrastructure as code, so you can version, review, and reproduce your environments using the same workflow you use for application code. The provider automates provisioning for environments, Kafka clusters, Kafka topics, and other Confluent Cloud resources.

These are some of the benefits you get with the Confluent Terraform provider:

Human-readable configuration: Define infrastructure resources declaratively in human-readable configuration files.
Comprehensive resource coverage: Manage Confluent Cloud resources such as API keys, environments, Kafka clusters, topics, ACLs, RBAC, and private networking.
Consistent deployability: Provision and manage your infrastructure safely and efficiently throughout its lifecycle. Package reusable modules to provision multi-cloud resources.
Multi-cloud with ease: Deploy Confluent Cloud seamlessly across cloud providers.
Scale quickly: Provision complex and dependent infrastructure quickly.
Industry standard: Enable industry-standard GitOps and infrastructure-as-code practices.

The Confluent Terraform provider plugin is available on the Terraform Registry.

What you can manage with the provider

Confluent: Invitations and provider integrations
Confluent Intelligence: Real-Time Context Engine topics
Connect: Connectors, connector plugins, and custom connector artifacts
Confluent Cloud for Apache Flink®: Compute pools, Flink statements, and Flink connections
Apache Kafka®: Clusters, topics, mirror topics, cluster links, and client quotas
ksqlDB: ksqlDB clusters
Metadata: Schemas, schema registries, tags, and business metadata
Network: Networks, peering, PrivateLink, Transit Gateway, DNS, and IP filters
Schema management and Stream Governance: Schemas, schema registry clusters, subjects, and exporters
Security, access control, and identity: API keys, BYOK keys, environments, identity pools and providers, ACLs, role bindings, and service accounts
Tableflow: Tableflow topics and catalog integrations

Tutorials and sample projects

The following resources show how to get started with the Confluent Terraform provider.

For realistic examples that create multiple Confluent Cloud resources, see the Sample Project for Confluent Terraform Provider. The sample project shows configurations that provision Confluent Cloud resources like these:

Basic, Standard, Enterprise, Dedicated, and Freight Kafka clusters
PrivateLink connections
RBAC and ACLs for access control
Source and sink connectors
VPC Peering connections

For a guided walkthrough, see Applying Data Pipeline Principles in Practice: Exploring the Kafka Summit Keynote Demo.

Using the Confluent Terraform provider

To use the Confluent Terraform provider, declare it in the required_providers block, configure your Confluent Cloud API key credentials, and define resources in a Terraform configuration file. The following example provisions a Confluent Cloud environment, a basic Kafka cluster, and a service account:

# Configure the Confluent Provider
terraform {
  required_providers {
    confluent = {
      source  = "confluentinc/confluent"
      version = "2.76.0"
    }
  }
}

provider "confluent" {
  cloud_api_key    = var.confluent_cloud_api_key    # optionally use CONFLUENT_CLOUD_API_KEY env var
  cloud_api_secret = var.confluent_cloud_api_secret # optionally use CONFLUENT_CLOUD_API_SECRET env var
}

resource "confluent_environment" "development" {
  display_name = "Development"

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_kafka_cluster" "basic" {
  display_name = "basic_kafka_cluster"
  availability = "SINGLE_ZONE"
  cloud        = "AWS"
  region       = "us-east-2"
  basic {}

  environment {
    id = confluent_environment.development.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_service_account" "app-manager" {
  display_name = "app-manager"
  description  = "Service account to manage Kafka cluster"
}

# Create more resources ...

You must provide appropriate Confluent Cloud and Kafka cluster credentials to use the provider.

For more information about the resources that you can interact with, see the Confluent Terraform Provider documentation in the Terraform registry.

Tools and resources

Find the provider source code and example configurations, and import your existing Confluent Cloud infrastructure into Terraform.

Source code

The Confluent Terraform provider is open source. The provider code and example configurations are in two Confluent GitHub repositories.

For the provider source code, see the Confluent Terraform Provider repository on GitHub.
For sample configuration files, see the examples directory in the source repo.

Import existing Confluent Cloud resources to Terraform

To import your existing Confluent Cloud resources into Terraform configuration (main.tf) and Terraform state (terraform.tfstate) files, use the Resource Importer.

Resources you can manage

You can provision the following Confluent Cloud resources and get data from these data sources in your Terraform configuration files.

Confluent

Resource	Data Source
Confluent Invitation	Confluent Invitation
Confluent Provider Integration	Confluent Provider Integration
–	Confluent Endpoint
–	Confluent Gateways

Confluent Intelligence

Resource	Data Source
Confluent Real-Time Context Engine Topic	Confluent Real-Time Context Engine Topic

Connect

Resource	Data Source
Connect Artifact	Connect Artifact
Connector	–
Connector Plugin	–
Connector Plugin Version	–

Flink

Resource	Data Source
Flink Artifact	Flink Artifact
Flink Compute Pool	Flink Compute Pool
Flink Connection	Flink Connection
Flink Statement	–
–	Flink Region

Kafka cluster

Resource	Data Source
Cluster Link	Cluster Link
Connector	–
Dedicated Kafka Cluster Configuration	–
Kafka Client Quota	Kafka Client Quota
Kafka Cluster	Kafka Cluster
–	Kafka Clusters
Kafka Mirror Topic	–
Kafka Topic	Kafka Topic

ksqlDB

Resource	Data Source
ksqlDB Cluster	ksqlDB Cluster

Metadata

Resource	Data Source
Business Metadata	Business Metadata
Business Metadata Binding	Business Metadata Binding
Tag	Tag
Tag Binding	Tag Binding

Network

Resource	Data Source
Access Point	Access Point
Certificate Authority	Certificate Authority
Certificate Pool	Certificate Pool
DNS Record	DNS Record
–	IP Addresses (Preview)
DNS Forwarder	–
Gateway	Gateway
IP Filter	IP Filter
IP Group	IP Group
Network	Network
Network Link Endpoint	Network Link Endpoint
Network Link Service	Network Link Service
Peering	Peering
Private Link Access	Private Link Access
Private Link Attachment	Private Link Attachment
Private Link Attachment Connection	Private Link Attachment Connection
Transit Gateway Attachment	Transit Gateway Attachment

Schema management and Stream Governance

Resource	Data Source
Catalog Entity Attributes	–
Schema	Schema
–	Schemas
Schema Exporter	–
–	Schema Registry Cluster
–	Schema Registry Clusters
Schema Registry Cluster Config	Schema Registry Cluster Config
Schema Registry Cluster Mode	Schema Registry Cluster Mode
Schema Registry DEK	Schema Registry DEK
Schema Registry KEK	Schema Registry KEK
Subject Config	Subject Config
Subject Mode	Subject Mode

Security, access control, and identity

Resource	Data Source
API key	–
BYOK key	BYOK key
Environment	Environment
–	Environments
Group Mapping	Group Mapping
Identity Pool	Identity Pool
Identity Provider	Identity Provider
Kafka ACL	–
–	Organization
Role Binding	Role Binding
Service Account	Service Account
–	User
–	Users

Tableflow

Resource	Data Source
Tableflow Topic	Tableflow Topic
Catalog Integration	Catalog Integration