Access Transparency on Confluent Cloud
Access Transparency shows you when and why Confluent personnel access your Dedicated Apache Kafka® clusters. This feature helps you maintain compliance with regulatory requirements, show proper governance controls, and confirm that Confluent accesses your data only for legitimate operational purposes.
Access Transparency provides near real-time visibility into Confluent personnel access, including:
What activity was performed
When the access occurred
Why the access was necessary
Where the access originated from (country or location)
Access Transparency is in Limited Availability
Access Transparency is in Limited Availability as a fully supported feature suitable for production use. To get access, contact Confluent Support.
Requirements
To use Access Transparency, you must meet the following requirements:
Premier support plan: You must be subscribed to the Premier support plan.
Audit logs enabled: You must be actively consuming Confluent Cloud audit logs (enabled by default).
Explicit enablement: Access Transparency logs are disabled by default and must be explicitly enabled.
Support request: Request Access Transparency logging from Confluent Support.
Cluster type: Available only on Dedicated Kafka clusters.
Supported cloud service providers: Available on AWS, Azure, and Google Cloud.
Enable Access Transparency logging
To enable Access Transparency logging:
Ensure you have the Premier support plan.
Contact your account executive or Confluent Support.
Request Access Transparency logs to be enabled in your organization.
Log fields
Access Transparency logs include the following fields:
Field | Description |
|---|---|
Event ID | A unique number to identify each event |
Timestamp | When the action happened |
Employee job family | The job role of the Confluent employee |
Location | Where the action occurred (country) |
Result | The outcome of the action |
Event type
Access Transparency logs are generated with the event type:
io.confluent.cloud/access-transparency
Event method
Access Transparency uses the following event method:
Method name | Description |
|---|---|
| Generated when Confluent personnel access your Dedicated Kafka cluster for support, maintenance, or other operational purposes. |
Note
There are no failure logs for Access Transparency events. Only successful access events are logged.
For details about the Access Transparency event methods, see Access Transparency Auditable Event Methods.
Consume Access Transparency logs
To consume Access Transparency logs:
Ensure you have the Premier support plan.
Contact Confluent Support to enable Access Transparency logs.
Use the same audit log consumption methods you use for regular audit logs.
Filter for events with type
io.confluent.cloud/access-transparency.
For detailed information about the event structure and examples, see Access Transparency Auditable Event Methods.
Use cases
Use Access Transparency for:
Compliance requirements: Meeting regulatory requirements that mandate transparency into data access, including DORA, FCA and PRA, BaFin, APRA, and other financial services regulations.
Security auditing: Maintaining detailed audit trails of all access to your infrastructure for security monitoring and incident response.
Trust and transparency: Building trust with your customers by providing visibility into operational access and demonstrating proper governance controls.
Incident investigation: Understanding what actions were taken during support incidents to help with root cause analysis and resolution.
