Use AWS Transit Gateway¶
You can use AWS Transit Gateway to a single transit gateway to connect your VPCs to your Confluent Cloud clusters. The transit gateway acts as a cloud router, with each connection only made once. Your data is encrypted and never travels over the public internet.
To enable a transit gateway for use with Confluent Cloud, provide the following information to your Confluent representative:
- The full AWS Resource Name (ARN) for the AWS Resource Access Manager (RAM) Share ID of the transit gateways that you want Confluent Cloud attached to.
- The VPC CIDR block for Confluent Cloud to use.
- Cannot be modified after the cluster is provisioned.
- Cannot overlap with an existing Confluent Cloud CIDR block.
- Must not overlap with any ranges your organization is using.
- The RFC 6598 shared address space is supported on AWS.
- Must be a
- The CIDR block must be in one of the following supported private
- The following CIDR blocks are denied from the larger CIDR blocks listed above:
- Because the Confluent Cloud and AWS routes are shared, you might need to increase your AWS Transit Gateway route quota when you use VPC peering. To request a quota increase from AWS, see Requesting a quota increase
After provisioning the Confluent Cloud clusters:
- Confluent accepts a RAM share and attaches the Confluent Cloud VPC to the AWS Transit Gateway. Confluent installs RFC 1918 and RFC 6598 routes in the Confluent Cloud VPC to return to AWS Transit Gateway.
- Accept the AWS Transit Gateway attachment request from Confluent Cloud.
- You can set up the desired routing in the AWS Transit Gateway to route traffic to Confluent Cloud.
- Any routes you install on AWS Transit Gateway outside of the ßCIDR block allocated to Confluent Cloud cluster are not supported and will not work with Confluent Cloud.