Create Confluent Cloud Network on AWS

Each Confluent Cloud network is a virtual network that is provisioned in your Confluent Cloud AWS account.

Confluent Cloud is available through AWS Marketplace or directly from Confluent.

This network allows inbound connections from the connected network to services in Confluent Cloud. It also allows inbound connections from services in Confluent Cloud that are configured to interact with data in the Confluent Cloud network.

You can create multiple Dedicated Kafka clusters within each Confluent Cloud network.

For details on default service quotas, see Network service quotas.

Requirements and considerations

Review the following requirements and considerations when you set up a Confluent Cloud network.

Region and availability zones

Dedicated clusters you create in your Confluent Cloud network inherit the selected Region and Availability Zones.

Confluent Cloud network CIDR blocks and block size for peering and Transit Gateway

When you set up a Confluent Cloud network for VPC peering or Transit Gateway, the CIDR blocks you specify must meet the following requirements.

  • Specify Confluent Cloud network CIDR blocks in one of the following private IP ranges:

  • Do not select CIDR blocks that overlap with the following CIDR blocks that are reserved by Confluent Cloud: 10.100.0.0/16, 10.255.0.0/16, 172.17.0.0/16, 172.20.0.0/16

    You cannot use the above CIDRs for peering or Transit Gateways due to routing conflicts with Confluent services. For example, managed connectors cannot reach the sources or sinks in those IP ranges.

  • The CIDR block must comply with the IPv4 CIDR block association restrictions for restricted VPC CIDR block associations.

    For example, if any one of the /27 CIDRs is from the 10.0.0.0/15 range, the other two /27 CIDRs cannot be from 10.0.0.0/16, 172.16.0.0/12, or 192.168.0.0/16.

  • When a /16 CIDR range is provided, the range is broken up into 3 predictable /27 ranges in Confluent Cloud.

    Specifically, from a given /16, the first range starts at the 0 IP, the second range starts at the 32, and the third at the 64.

    For example, if you provide 10.1.0.0/16, the ranges are: 10.1.0.0/27, 10.1.0.32/27, 10.1.0.64/27

  • The 10.0.0.0/16 CIDR block is not supported in Confluent Cloud when you use a /16 CIDR range.

  • The CIDR of the AWS VPC you want to peer with the Confluent Cloud network should not be identical to, or completely within, the Confluent Cloud network CIDRs.
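The checks above can be run against a planned CIDR layout before you open the Console. The following Python sketch is an added example, not Confluent tooling; the function names `split_16` and `check_plan` are hypothetical. It covers the reserved ranges, the /16 split, /27 overlap, and the peer VPC rule, but not the permitted private ranges (not listed on this page) or the AWS restricted CIDR association rules.

```python
import ipaddress
from itertools import combinations

# CIDR blocks reserved by Confluent Cloud, as listed above.
RESERVED = [ipaddress.ip_network(c) for c in
            ("10.100.0.0/16", "10.255.0.0/16", "172.17.0.0/16", "172.20.0.0/16")]
UNSUPPORTED_16 = ipaddress.ip_network("10.0.0.0/16")


def split_16(cidr):
    """Derive the three /27 ranges (offsets 0, 32, 64) from a /16."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen != 16:
        raise ValueError(f"{cidr} is not a /16")
    base = int(net.network_address)
    return [ipaddress.ip_network((base + off, 27)) for off in (0, 32, 64)]


def check_plan(cidrs, peer_vpcs=()):
    """Return a list of problems for one /16 or three /27 blocks (empty = OK)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]  # raises if host bits are set
    sizes = sorted(n.prefixlen for n in nets)
    if sizes not in ([16], [27, 27, 27]):
        return ["expected one /16 or three /27 CIDR blocks"]
    problems = []
    if nets == [UNSUPPORTED_16]:
        problems.append("10.0.0.0/16 is not supported as a /16 range")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    for n in nets:
        for r in RESERVED:
            if n.overlaps(r):
                problems.append(f"{n} overlaps reserved {r}")
    for vpc in map(ipaddress.ip_network, peer_vpcs):
        for n in nets:
            if vpc.subnet_of(n):  # True when identical or fully contained
                problems.append(f"peer VPC {vpc} is identical to or inside {n}")
    return problems


if __name__ == "__main__":
    print(split_16("10.1.0.0/16"))
    # Constructed sample plans, not real deployments.
    print(check_plan(["10.1.0.0/27", "10.1.0.32/27", "172.20.255.0/27"]))
    print(check_plan(["10.2.0.0/16"], peer_vpcs=["10.2.8.0/21"]))
```

Because the CIDR block size and zones cannot be changed after provisioning, running a check like this in review or CI catches routing conflicts while they are still cheap to fix.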

Create a Confluent Cloud network

Follow the procedure below to create a Confluent Cloud network on AWS.

You can host multiple clusters within one Confluent Cloud network. For details on service quotas, see Networks.

  1. In the Confluent Cloud Console, select an environment for the Confluent Cloud network.

  2. In the Network management tab in the environment, click For dedicated clusters.

  3. Click Add network configuration.

  4. Select AWS as the cloud service provider and select the geographic region in Region. Click Continue.

  5. Select the connectivity type: Transit Gateway, VPC Peering, or PrivateLink.

    Depending on the option selected, different Zone Placement options and CIDR for Confluent Cloud fields will appear.

    • Transit Gateway: Cluster is accessible using the Transit Gateway endpoint.
    • VPC Peering: Cluster is accessible using the VPC peering endpoint.
    • PrivateLink: Cluster is accessible using AWS PrivateLink connections.

  6. Complete the steps for the connectivity type you selected.

    Important

    After provisioning your new Confluent Cloud network, you cannot change your selected Availability Zone (AZ) IDs or CIDR block size.

    1. In the Zone placement section, click the /27 CIDR ranges tab to configure your Confluent Cloud network to use /27 CIDR blocks.

    2. For the three availability zones you want to use, specify three different, non-overlapping /27 CIDR blocks, one for each zone.

      /27 CIDR blocks cannot overlap with 172.20.255.0/24.

      For more information about CIDR block options, see Confluent Cloud network CIDR blocks and block size for peering and Transit Gateway above.

    3. In the Confluent Cloud CIDR management section, you can optionally specify reserved CIDR blocks.

    4. Click Continue.

  7. In Network name, specify the name of the connection.

    The name you choose is used to identify your network in Confluent Cloud. Choose a meaningful name, and consider including the connection type in the name (for example, aws-uswest2-privatelink).

  8. Review your configuration and click Add network configuration.

Next steps