AWS Transit Gateway

Confluent Cloud clusters can be created for use with one AWS Transit Gateway. To enable this, you must provide the following information to your Confluent representative:

  1. The full AWS Resource Name (ARN) for the AWS Resource Access Manager (RAM) Share-ID of the Transit Gateways that you want Confluent Cloud attached to.
  2. The VPC CIDR block for Confluent Cloud to use.
    • Cannot be modified after the cluster is provisioned.
    • Cannot overlap with an existing Confluent Cloud CIDR block.
    • Must not overlap with any ranges your organization is using.
    • The RFC 6598 shared address space is supported on AWS.
    • Must be a /16 CIDR block.
    • For AWS, the CIDR block must be in one of the following supported private networks:
      • 10.0.0.0/8
      • 100.64.0.0/10
      • 172.16.0.0/12
      • 192.168.0.0/16
      • 198.18.0.0/15
    • For AWS, the following CIDR blocks are denied from the larger CIDR blocks listed above:
      • 10.100.0.0/16
      • 10.255.0.0/16
      • 172.17.0.0/16
      • 172.20.0.0/16
    • Because the Confluent Cloud and AWS routes are shared, you might need to increase your AWS Transit Gateway route quota when you use VPC peering. To request a quota increase from AWS, see Requesting a quota increase.
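
The CIDR rules above can be checked locally before you send a block to your Confluent representative. The following Python is an added example, not Confluent tooling: the function name `check_cidr` and the `in_use` parameter are assumptions, and the supported and denied ranges are copied from the list above.

```python
import ipaddress

# Supported and denied ranges copied from the list above.
SUPPORTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12",
    "192.168.0.0/16", "198.18.0.0/15")]
DENIED = [ipaddress.ip_network(n) for n in (
    "10.100.0.0/16", "10.255.0.0/16", "172.17.0.0/16", "172.20.0.0/16")]


def check_cidr(candidate, in_use=()):
    """Return a list of problems; an empty list means the block passes.

    in_use: CIDR strings already used by your organization or by other
    Confluent Cloud networks (hypothetical, caller-supplied input).
    """
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.1.2.0/16
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["not an IPv4 network"]
    problems = []
    if net.prefixlen != 16:
        problems.append(f"prefix is /{net.prefixlen}, must be /16")
    if not any(net.subnet_of(s) for s in SUPPORTED):
        problems.append("outside the supported private networks")
    if any(net.overlaps(d) for d in DENIED):
        problems.append("overlaps a denied block")
    for used in in_use:
        if net.overlaps(ipaddress.ip_network(used, strict=False)):
            problems.append(f"overlaps in-use range {used}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real allocations.
    existing = ["10.0.0.0/16", "10.20.0.0/14"]
    for cidr in ("10.30.0.0/16", "10.21.0.0/16", "172.17.0.0/16",
                 "10.1.0.0/24", "192.0.2.0/24", "10.1.2.0/16"):
        print(cidr, check_cidr(cidr, existing) or "OK")
```

Because the block cannot be modified after the cluster is provisioned, include every range reachable through the Transit Gateway in `in_use`, not only the VPCs you plan to attach first.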

After provisioning the Confluent Cloud clusters:

  • Confluent accepts the RAM share and attaches the Confluent Cloud VPC to the AWS Transit Gateway. Confluent installs RFC 1918 and RFC 6598 routes in the Confluent Cloud VPC that route return traffic to the AWS Transit Gateway.
  • Accept the AWS Transit Gateway attachment request from Confluent Cloud.
  • You can set up the desired routing in the AWS Transit Gateway to route traffic to Confluent Cloud.
    • Any routes you install on the AWS Transit Gateway outside of the IP CIDR block allocated to the Confluent Cloud cluster are not supported and will not work with Confluent Cloud.