Confluent Terraform Provider for Confluent Cloud

The Confluent Terraform provider lets you manage Confluent Cloud infrastructure as code. Use it to create and configure environments, Apache Kafka® clusters, topics, schemas, ACLs, RBAC roles, networking, connectors, and more—all from declarative Terraform configuration files.

Get Started for Free

Sign up for a Confluent Cloud trial and get $400 of free credit.

Resources you can manage

• Confluent: Invitations and provider integrations

• Connect: Connectors, connector plugins, and custom connector artifacts

• Confluent Cloud for Apache Flink®: Compute pools, Flink statements, and Flink connections

• Apache Kafka®: Clusters, topics, mirror topics, cluster links, and client quotas

• ksqlDB: ksqlDB clusters

• Metadata: Schemas, schema registries, tags, and business metadata

• Network: Networks, peering, PrivateLink, Transit Gateway, DNS, and IP filters

• Schema management and Stream Governance: Schemas, schema registry clusters, subjects, and exporters

Why Terraform and Kafka?

Use the Confluent Terraform provider to deploy and manage Confluent Cloud infrastructure. The Confluent Terraform provider automates the workflow for managing environments, Apache Kafka® clusters, Kafka topics, and other resources in Confluent Cloud.

These are some of the benefits you get with the Confluent Terraform provider:

• Human-readable configuration: Define infrastructure resources declaratively in human-readable configuration files.

• Manage critical Confluent Cloud resources: Manage API keys, environments, Kafka clusters, topics, ACLs, RBAC, Private Networking, and more.

• Consistent deployability: Provision and manage your infrastructure safely and efficiently throughout its lifecycle. Package reusable modules to provision multi-cloud resources.

• Multi-cloud with ease: Deploy Confluent Cloud seamlessly across cloud providers.

• Scale quickly: Provision complex and dependent infrastructure quickly.

• Industry standard: Enable industry-standard GitOps and infrastructure-as-code practices.

The Confluent Terraform provider plugin is available on the Terraform Registry.

Confluent Terraform tutorial

The following tutorials show how to get started with the Confluent Terraform provider:

• Sample Project for Confluent Terraform Provider

• Applying Data Pipeline Principles in Practice: Exploring the Kafka Summit Keynote Demo

Using the Confluent Terraform provider

The following example shows a simple Terraform configuration file that provisions a Confluent Cloud environment, a basic Kafka cluster, and a service account.

# Configure the Confluent Provider
terraform {
  required_providers {
    confluent = {
      source  = "confluentinc/confluent"
      version = "2.72.0"
    }
  }
}

provider "confluent" {
  cloud_api_key    = var.confluent_cloud_api_key    # optionally use CONFLUENT_CLOUD_API_KEY env var
  cloud_api_secret = var.confluent_cloud_api_secret # optionally use CONFLUENT_CLOUD_API_SECRET env var
}

resource "confluent_environment" "development" {
  display_name = "Development"

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_kafka_cluster" "basic" {
  display_name = "basic_kafka_cluster"
  availability = "SINGLE_ZONE"
  cloud        = "AWS"
  region       = "us-east-2"
  basic {}

  environment {
    id = confluent_environment.development.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_service_account" "app-manager" {
  display_name = "app-manager"
  description  = "Service account to manage Kafka cluster"
}

# Create more resources ...

You must provide appropriate Confluent Cloud and Kafka cluster credentials to use the provider.

For more information about the resources that you can interact with, see the Confluent Terraform Provider documentation in the Terraform registry.

Sample project

For realistic examples that create multiple Confluent Cloud resources, see the Sample Project for Confluent Terraform Provider. The sample project shows configurations that provision Confluent Cloud resources like these:

• Basic, Standard, Enterprise, Dedicated, and Freight Kafka clusters

• PrivateLink connections

• RBAC and ACLs for access control

• Source and sink connectors

• VPC Peering connections

Source code

• For the provider source code, see the Confluent Terraform Provider repository on GitHub.

• For sample configuration files, see the examples directory in the source repo.

Resource Importer

The Resource Importer enables importing your existing Confluent Cloud resources to Terraform Configuration (main.tf) and Terraform State (terraform.tfstate) files.

Resources you can manage

You can provision the following Confluent Cloud resources and get data from these data sources in your Terraform configuration files.

Confluent

Resource	Data Source
Confluent Invitation	Confluent Invitation
Confluent Provider Integration	Confluent Provider Integration
–	Confluent Endpoint
–	Confluent Gateways

Connect

Resource	Data Source
Connect Artifact	Connect Artifact
Connector	–
Connector Plugin	–
Connector Plugin Version	–

Flink

Resource	Data Source
Flink Artifact	Flink Artifact
Flink Compute Pool	Flink Compute Pool
Flink Connection	Flink Connection
Flink Statement	–
–	Flink Region

Kafka cluster

Resource	Data Source
Cluster Link	Cluster Link
Connector	–
Dedicated Kafka Cluster Configuration	–
Kafka Client Quota	Kafka Client Quota
Kafka Cluster	Kafka Cluster
–	Kafka Clusters
Kafka Mirror Topic	–
Kafka Topic	Kafka Topic

ksqlDB

Resource	Data Source
ksqlDB Cluster	ksqlDB Cluster

Metadata

Resource	Data Source
Business Metadata	Business Metadata
Business Metadata Binding	Business Metadata Binding
Tag	Tag
Tag Binding	Tag Binding

Network

Resource	Data Source
Access Point	Access Point
Certificate Authority	Certificate Authority
Certificate Pool	Certificate Pool
DNS Record	DNS Record
–	IP Addresses (Preview)
DNS Forwarder	–
Gateway	Gateway
IP Filter	IP Filter
IP Group	IP Group
Network	Network
Network Link Endpoint	Network Link Endpoint
Network Link Service	Network Link Service
Peering	Peering
Private Link Access	Private Link Access
Private Link Attachment	Private Link Attachment
Private Link Attachment Connection	Private Link Attachment Connection
Transit Gateway Attachment	Transit Gateway Attachment

Schema management and Stream Governance

Resource	Data Source
Catalog Entity Attributes	–
Schema	Schema
–	Schemas
Schema Exporter	–
–	Schema Registry Cluster
–	Schema Registry Clusters
Schema Registry Cluster Config	Schema Registry Cluster Config
Schema Registry Cluster Mode	Schema Registry Cluster Mode
Schema Registry DEK	Schema Registry DEK
Schema Registry KEK	Schema Registry KEK
Subject Config	Subject Config
Subject Mode	Subject Mode

Security, access control, and identity

Resource	Data Source
API key	–
BYOK key	BYOK key
Environment	Environment
–	Environments
Group Mapping	Group Mapping
Identity Pool	Identity Pool
Identity Provider	Identity Provider
Kafka ACL	–
–	Organization
Role Binding	Role Binding
Service Account	Service Account
–	User
–	Users

Tableflow

Resource	Data Source
Tableflow Topic	Tableflow Topic
Catalog Integration	Catalog Integration

Related content

• Video: Getting started with the Confluent Terraform Provider

• Terraform CLI Documentation

• Create a Kafka Cluster on Confluent Cloud from a Template Using Pulumi

• Kafka Cluster Types in Confluent Cloud