documentation
Get Started Free
  • Get Started Free
  • Stream
      Confluent Cloud

      Fully-managed data streaming platform with a cloud-native Kafka engine (KORA) for elastic scaling, with enterprise security, stream processing, governance.
      Confluent Platform

      An on-premises enterprise-grade distribution of Apache Kafka with enterprise security, stream processing, governance.
  • Connect
      Managed

      Use fully-managed connectors with Confluent Cloud to connect to data sources and sinks.
      Self-Managed

      Use self-managed connectors with Confluent Platform to connect to data sources and sinks.
  • Govern
      Managed

      Use fully-managed Schema Registry and Stream Governance with Confluent Cloud.
      Self-Managed

      Use self-managed Schema Registry and Stream Governance with Confluent Platform.
  • Process
      Managed

      Use Flink on Confluent Cloud to run complex, stateful, low-latency streaming applications.
      Self-Managed

      Use Flink on Confluent Platform to run complex, stateful, low-latency streaming applications.
Stream
Confluent Cloud

Fully-managed data streaming platform with a cloud-native Kafka engine (KORA) for elastic scaling, with enterprise security, stream processing, governance.
Confluent Platform

An on-premises enterprise-grade distribution of Apache Kafka with enterprise security, stream processing, governance.
Connect
Managed

Use fully-managed connectors with Confluent Cloud to connect to data sources and sinks.
Self-Managed

Use self-managed connectors with Confluent Platform to connect to data sources and sinks.
Govern
Managed

Use fully-managed Schema Registry and Stream Governance with Confluent Cloud.
Self-Managed

Use self-managed Schema Registry and Stream Governance with Confluent Platform.
Process
Managed

Use Flink on Confluent Cloud to run complex, stateful, low-latency streaming applications.
Self-Managed

Use Flink on Confluent Platform to run complex, stateful, low-latency streaming applications.
Learn
Get Started Free
  1. Home
  2. Cloud
  3. Manage Networking on Confluent Cloud
  4. Connectivity for Confluent Resources on Confluent Cloud

CLOUD

  • Overview
  • Get Started
    • Overview
    • Quick Start
    • REST API Quick Start
    • Manage Schemas
    • Deploy Free Clusters
    • Tutorials and Examples
      • Overview
      • Example: Use Replicator to Copy Kafka Data to Cloud
      • Example: Create Fully-Managed Services
      • Example: Build an ETL Pipeline
  • Manage Kafka Clusters
    • Overview
    • Cluster Types
    • Manage Configuration Settings
    • Cloud Providers and Regions
    • Resilience
    • Copy Data with Cluster Linking
      • Overview
      • Quick Start
      • Use Cases and Tutorials
        • Share Data Across Clusters, Regions, and Clouds
        • Disaster Recovery and Failover
        • Create Hybrid Cloud and Bridge-to-Cloud Deployments
        • Use Tiered Separation of Critical Workloads
        • Migrate Data
        • Manage Audit Logs
      • Configure, Manage, and Monitor
        • Configure and Manage Cluster Links
        • Manage Mirror Topics
        • Manage Private Networking
        • Manage Security
        • Monitor Metrics
      • FAQ
      • Troubleshooting
    • Copy Data with Replicator
      • Quick Start
      • Use Replicator to Migrate Topics
    • Resize a Dedicated Cluster
    • Multi-Tenancy and Client Quotas for Dedicated Clusters
      • Overview
      • Quick Start
    • Create Cluster Using Terraform
    • Create Cluster Using Pulumi
    • Connect Confluent Platform and Cloud Environments
      • Overview
      • Connect Self-Managed Control Center to Cloud
      • Connect Self-Managed Clients to Cloud
      • Connect Self-Managed Connect to Cloud
      • Connect Self-Managed REST Proxy to Cloud
      • Connect Self-Managed ksqlDB to Cloud
      • Connect Self-Managed MQTT to Cloud
      • Connect Self-Managed Schema Registry to Cloud
      • Connect Self-Managed Streams to Cloud
      • Example: Autogenerate Self-Managed Component Configs for Cloud
  • Build Client Applications
    • Overview
    • Client Quick Start
    • Configure Clients
      • Architectural Considerations
      • Consumer
      • Producer
      • Configuration Properties
      • Connect Program
    • Test and Monitor a Client
      • Test
      • Monitor
      • Reset Offsets
    • Optimize and Tune
      • Overview
      • Configuration Settings
      • Throughput
      • Latency
      • Durability
      • Availability
      • Freight
    • Client Guides
      • Python
      • .NET Client
      • JavaScript Client
      • Go Client
      • C++ Client
      • Java Client
      • JMS Client
        • Overview
        • Development Guide
    • Kafka Client APIs
      • Python Client API
      • .NET Client API
      • JavaScript Client API
      • Go Client API
      • C++ Client API
      • Java Client API
      • JMS Client
        • Overview
        • Development Guide
    • Deprecated Client APIs
    • Client Examples
      • Overview
      • Python Client
      • .NET Client
      • JavaScript Client
      • Go Client
      • C++ Client
      • Java
      • Spring Boot
      • KafkaProducer
      • REST
      • Clojure
      • Groovy
      • Kafka Connect Datagen
      • kafkacat
      • Kotlin
      • Ruby
      • Rust
      • Scala
    • VS Code Extension
  • Manage Security
    • Overview
    • Manage Authentication
      • Overview
      • Manage User Identities
        • Overview
        • Manage User Accounts
          • Overview
          • Authentication Security Protections
          • Manage Local User Accounts
          • Multi-factor Authentication
          • Manage SSO User Accounts
        • Manage User Identity Providers
          • Overview
          • Use Single Sign-On (SSO)
          • Manage SAML Single Sign-On (SSO)
          • Manage Azure Marketplace SSO
          • Just-in-time User Provisioning
          • Group Mapping
            • Overview
            • Enable Group Mapping
            • Manage Group Mappings
            • Troubleshooting
            • Best Practices
          • Manage Trusted Domains
          • Manage SSO provider
          • Troubleshoot SSO
      • Manage Workload Identities
        • Overview
        • Manage Workload Identities
        • Manage Service Accounts and API Keys
          • Overview
          • Manage Service Accounts
          • Manage API Keys
            • Overview
            • Manage API keys
            • Best Practices
            • Troubleshoot
        • Manage OAuth/OIDC Identity Providers
          • Overview
          • Add an OIDC identity provider
          • Use OAuth identity pools and filters
          • Manage identity provider configurations
          • Manage the JWKS URI
          • Configure OAuth clients
          • Access Kafka REST APIs
          • Use Confluent STS tokens with REST APIs
          • Best Practices
        • Manage mTLS Identity Providers
          • Overview
          • Configure mTLS
          • Manage Certificate Authorities
          • Manage Certificate Identity Pools
          • Create CEL Filters for mTLS
          • Create JSON payloads for mTLS
          • Manage Certificate Revocation
          • Troubleshoot mTLS Issues
    • Control Access
      • Overview
      • Resource Hierarchy
        • Overview
        • Organizations
          • Overview
          • Manage Multiple Organizations
        • Environments
        • Confluent Resource Names (CRNs)
      • Manage Role-Based Access Control
        • Overview
        • Predefined RBAC Roles
        • Manage Role Bindings
        • Use ACLs with RBAC
      • Manage IP Filtering
        • Overview
        • Manage IP Groups
        • Manage IP Filters
        • Best Practices
      • Manage Access Control Lists
      • Use the Confluent CLI with multiple credentials on Confluent Cloud
    • Encrypt and Protect Data
      • Overview
      • Manage Data in Transit With TLS
      • Encrypt Data at Rest Using Self-managed Encryption Keys
        • Overview
        • Use Self-managed Encryption Keys on AWS
        • Use Self-managed Encryption Keys on Azure
        • Use Self-managed Encryption Keys on Google Cloud
        • Use Confluent CLI for Self-managed Encryption Keys
        • Use BYOK API for Self-managed Encryption Keys
        • Revoke Access to Data at Rest
        • Best Practices
      • Encrypt Sensitive Data Using Client-side Field Level Encryption
        • Overview
        • Manage CSFLE using Confluent Cloud Console
        • Use Client-side Field Level Encryption
        • Configuration Settings
        • Manage Encryption Keys
        • Quick Start
        • Implement a Custom KMS Driver
        • Code examples
        • Troubleshoot
        • FAQ
    • Monitor Activity
      • Concepts
      • Understand Audit Log Records
      • Audit Log Event Schema
      • Auditable Event Methods
        • Connector
        • Custom connector plugin
        • Flink
        • Flink Authentication and Authorization
        • IP Filter Authorization
        • Kafka Cluster Authentication and Authorization
        • Kafka Cluster Management
        • ksqlDB Cluster Authentication and Authorization
        • Networking
        • Notifications Service
        • OAuth/OIDC Identity Provider and Identity Pool
        • Organization
        • Role-based Access Control (RBAC)
        • Schema Registry Authentication and Authorization
        • Schema Registry Management and Operations
        • Tableflow Data Plane
        • Tableflow Control Plane
      • Access and Consume Audit Log Records
      • Retain Audit Logs
      • Best Practices
      • Troubleshoot
    • Access Management Tutorial
  • Manage Topics
    • Overview
    • Configuration Reference
    • Message Browser
    • Share Streams
      • Overview
      • Provide Stream Shares
      • Consume Stream Shares
    • Tableflow
      • Overview
      • Concepts
        • Overview
        • Storage
        • Schemas
        • Materialize Change Data Capture Streams
        • Billing
      • Get Started
        • Overview
        • Quick Start with Managed Storage
        • Quick Start Using Your Storage and AWS Glue
      • How-to Guides
        • Overview
        • Configure Storage
        • Integrate Catalogs
          • Overview
          • Integrate with AWS Glue Catalog
          • Integrate with Snowflake Open Catalog or Apache Polaris
        • Query Data
          • Overview
          • Query with AWS
          • Query with Snowflake
          • Query with Trino
      • Operate
        • Overview
        • Configure
        • Grant Role-Based Access
        • Monitor
        • Use Private Networking
        • Supported Cloud Regions
  • Govern Data Streams
    • Overview
    • Stream Governance
      • Manage Governance Packages
      • Data Portal
      • Track Data with Stream Lineage
      • Manage Stream Catalog
        • Stream Catalog User Guide
        • REST API Catalog Usage and Examples Guide
        • GraphQL API Catalog Usage and Examples Guide
    • Manage Schemas
      • Overview
      • Manage Schemas
      • Delete Schemas and Manage Storage
      • Use Broker-Side Schema ID Validation
      • Schema Linking
      • Schema Registry Tutorial
    • Fundamentals
      • Key Concepts
      • Schema Evolution and Compatibility
      • Schema Formats
        • Serializers and Deserializers Overview
        • Avro
        • Protobuf
        • JSON Schema
      • Data Contracts
      • Security Considerations
      • Enable Private Networking
        • Enable Private Networking with Schema Registry PrivateLink
        • Enable Private Networking for Schema Registry with a Public Endpoint
    • Reference
      • Configure Clients to Schema Registry
      • Schema Registry REST API Usage Examples
      • Use AsyncAPI to Describe Topics and Schemas
      • Maven Plugin
    • FAQ
  • Connect to External Systems
    • Overview
    • Install Connectors
      • ActiveMQ Source
      • AlloyDB Sink
      • Amazon CloudWatch Logs Source
      • Amazon CloudWatch Metrics Sink
      • Amazon DynamoDB CDC Source
      • Amazon DynamoDB Sink
      • Amazon Kinesis Source
      • Amazon Redshift Sink
      • Amazon S3 Sink
        • Configure and Launch
        • Configure with AWS Egress PrivateLink Endpoints
      • Amazon S3 Source
      • Amazon SQS Source
      • AWS Lambda Sink
      • Azure Blob Storage Sink
        • Configure and Launch
        • Configure with Azure Egress Private Link Endpoints
      • Azure Blob Storage Source
      • Azure Cognitive Search Sink
      • Azure Cosmos DB Sink
      • Azure Cosmos DB Source
      • Azure Data Lake Storage Gen2 Sink
      • Azure Event Hubs Source
      • Azure Functions Sink
      • Azure Log Analytics Sink
      • Azure Service Bus Source
      • Azure Synapse Analytics Sink
      • Databricks Delta Lake Sink
        • Set up Databricks Delta Lake (AWS) Sink Connector for Confluent Cloud
        • Configure and launch the connector
      • Datadog Metrics Sink
      • Datagen Source (development and testing)
      • Elasticsearch Service Sink
      • GitHub Source
      • Google BigQuery Sink [Deprecated]
      • Google BigQuery Sink V2
      • Google Cloud BigTable Sink
      • Google Cloud Dataproc Sink [Deprecated]
      • Google Cloud Functions Gen 2 Sink
      • Google Cloud Functions Sink [Deprecated]
      • Google Cloud Pub/Sub Source
      • Google Cloud Spanner Sink
      • Google Cloud Storage Sink
      • Google Cloud Storage Source
      • HTTP Sink
      • HTTP Sink V2
      • HTTP Source
      • HTTP Source V2
      • IBM MQ Source
      • InfluxDB 2 Sink
      • InfluxDB 2 Source
      • Jira Source
      • Microsoft SQL Server CDC Source (Debezium) [Deprecated]
      • Microsoft SQL Server CDC Source V2 (Debezium)
        • Configure and launch the connector
        • Backward incompatibility considerations
      • Microsoft SQL Server Sink (JDBC)
      • Microsoft SQL Server Source (JDBC)
      • MongoDB Atlas Sink
        • Configure and Launch
        • Configure with AWS Egress PrivateLink Endpoints
        • Configure with Azure Egress Private Link Endpoints
        • Configure with Google Cloud Egress Private Service Connect Endpoints
      • MongoDB Atlas Source
      • MQTT Sink
      • MQTT Source
      • MySQL CDC Source (Debezium) [Deprecated]
      • MySQL CDC Source V2 (Debezium)
        • Configure and Launch the connector
        • Backward Incompatible Changes
      • MySQL Sink (JDBC)
      • MySQL Source (JDBC)
      • New Relic Metrics Sink
      • OpenSearch Sink
      • Oracle CDC Source
        • Overview
        • Configure and Launch the connector
        • Horizontal Scaling
        • Oracle Database Prerequisites
        • SMT Examples
        • DDL Changes
        • Troubleshooting
      • Oracle Database Sink (JDBC)
      • Oracle Database Source (JDBC)
      • PagerDuty Sink [Deprecated]
      • Pinecone Sink
      • PostgreSQL CDC Source (Debezium) [Deprecated]
      • PostgreSQL CDC Source V2 (Debezium)
        • Configure and Launch the connector
        • Backward Incompatible Changes
      • PostgreSQL Sink (JDBC)
      • PostgreSQL Source (JDBC)
      • RabbitMQ Sink
      • RabbitMQ Source
      • Redis Sink
      • Salesforce Bulk API 2.0 Sink
      • Salesforce Bulk API 2.0 Source
      • Salesforce Bulk API Source
      • Salesforce CDC Source
      • Salesforce Platform Event Sink
      • Salesforce Platform Event Source
      • Salesforce PushTopic Source
      • Salesforce SObject Sink
      • ServiceNow Sink
      • ServiceNow Source [Legacy]
      • ServiceNow Source V2
      • SFTP Sink
      • SFTP Source
      • Snowflake Sink
        • Configure and Launch
        • Configure with AWS Egress PrivateLink Endpoints
        • Configure with Azure Egress Private Link Endpoints
        • Configure with Google Cloud Private Service Connect Endpoints
      • Snowflake Source
        • Configure and Launch
        • Configure with AWS Egress PrivateLink Endpoints
        • Configure with Azure Egress Private Link Endpoints
        • Configure with Google Cloud Private Service Connect Endpoints
      • Solace Sink
      • Splunk Sink
      • Zendesk Source
    • Confluent Hub
      • Overview
      • Component Archive Specification
      • Contribute
    • Install Custom Plugins and Custom Connectors
      • Overview
      • Quick Start
      • Manage Custom Connectors
      • Limitations and Support
      • API and CLI
    • Manage Provider Integration
      • Quick Start
      • Provider Integration APIs
    • Manage CSFLE
    • Networking and DNS
      • Overview
      • AWS Egress PrivateLink Endpoints for First-Party Services
      • AWS Egress PrivateLink Endpoints for RDS & Self-Managed Services
      • Azure Egress Private Link Endpoints for First-Party Services
      • Azure Egress Private Link Endpoints for Self-Managed Services
      • Google Cloud Private Service Connect Endpoints for First-Party Services
    • Connect API Usage
    • Manage Public Egress IP Addresses
    • Sample Connector Output
    • Configure Single Message Transforms
    • View Connector Events
    • Interpret Connector Statuses
    • Manage Service Accounts
    • Configure RBAC
    • View Errors in the Dead Letter Queue
    • Connector Limits
    • Manage Offsets
    • Transforms List
      • Overview
      • Cast
      • Drop
      • DropHeaders
      • EventRouter
      • ExtractField
      • ExtractTopic
      • Filter (Kafka)
      • Filter (Confluent)
      • Flatten
      • GzipDecompress
      • HeaderFrom
      • HoistField
      • InsertField
      • InsertHeader
      • MaskField
      • MessageTimestampRouter
      • RegexRouter
      • ReplaceField (Kafka)
      • ReplaceField (Confluent)
      • SetSchemaMetadata
      • TimestampConverter
      • TimestampRouter
      • TombstoneHandler
      • TopicRegexRouter
      • ValueToKey
  • Process Data with Flink
    • Overview
    • Get Started
      • Overview
      • Quick Start with Cloud Console
      • Quick Start with SQL Shell in Confluent CLI
      • Quick Start with Java Table API
      • Quick Start with Python Table API
    • Concepts
      • Overview
      • Compute Pools
      • Autopilot
      • Statements
      • Determinism
      • Tables and Topics
      • Time and Watermarks
      • User-defined Functions
      • Delivery Guarantees and Latency
      • Schema and Statement Evolution
      • Private Networking
      • Comparison with Apache Flink
      • Billing
    • How-To Guides
      • Overview
      • Aggregate a Stream in a Tumbling Window
      • Combine Streams and Track Most Recent Records
      • Compare Current and Previous Values in a Stream
      • Convert the Serialization Format of a Topic
      • Create a UDF
      • Deduplicate Rows in a Table
      • Enable UDF Logging
      • Handle Multiple Event Types
      • Mask Fields in a Table
      • Scan and Summarize Tables
      • Process Schemaless Events
      • Transform a Topic
      • View Time Series Data
    • Operate and Deploy
      • Overview
      • Manage Compute Pools
      • Monitor and Manage Statements
      • Grant Role-Based Access
      • Deploy a Statement with CI/CD
      • Generate a Flink API Key
      • REST API
      • Move SQL Statements to Production
      • Enable Private Networking
    • Flink Reference
      • Overview
      • SQL Syntax
      • DDL Statements
        • Statements Overview
        • ALTER MODEL
        • ALTER TABLE
        • ALTER VIEW
        • CREATE FUNCTION
        • CREATE MODEL
        • CREATE TABLE
        • CREATE VIEW
        • DESCRIBE
        • DROP MODEL
        • DROP TABLE
        • DROP VIEW
        • HINTS
        • EXPLAIN
        • RESET
        • SET
        • SHOW
        • USE CATALOG
        • USE database_name
      • DML Statements
        • Queries Overview
        • Deduplication
        • Group Aggregation
        • INSERT INTO FROM SELECT
        • INSERT VALUES
        • Joins
        • LIMIT
        • Pattern Recognition
        • ORDER BY
        • OVER Aggregation
        • SELECT
        • Set Logic
        • EXECUTE STATEMENT SET
        • Top-N
        • Window Aggregation
        • Window Deduplication
        • Window Join
        • Window Top-N
        • Window Table-Valued Function
        • WITH
      • Functions
        • Flink SQL Functions
        • Aggregate
        • Collections
        • Comparison
        • Conditional
        • Datetime
        • Hashing
        • JSON
        • AI Model Inference
        • Numeric
        • String
        • Table API
      • Data Types
      • Data Type Mappings
      • Time Zone
      • Keywords
      • Information Schema
      • Example Streams
      • Supported Cloud Regions
      • SQL Examples
      • Table API
      • CLI Reference
    • Get Help
  • Build AI with Flink
    • Overview
    • Run an AI Model
    • Create an Embedding
  • Process Data with ksqlDB
    • Create Stream Processing Apps with ksqlDB
    • Quick Start
    • Enable ksqlDB Integration with Schema Registry
    • ksqlDB Cluster API Quick Start
    • Monitor ksqlDB
    • Manage ksqlDB by using the CLI
    • Manage Connectors With ksqlDB
    • Develop ksqlDB Applications
    • Pull Queries
    • Grant Role-Based Access
    • Migrate ksqlDB Applications on Confluent Cloud
  • Manage Networking
    • Overview
    • Networking on AWS
      • Overview
      • Public Networking on AWS
      • Confluent Cloud Network on AWS
      • PrivateLink on AWS
        • Overview
        • Inbound PrivateLink for Dedicated Clusters
        • Inbound PrivateLink for Serverless Products
        • Outbound PrivateLink for Dedicated Clusters
        • Outbound PrivateLink for Serverless Products
      • VPC Peering on AWS
      • Transit Gateway on AWS
      • Private Network Interface on AWS
    • Networking on Azure
      • Overview
      • Public Networking on Azure
      • Confluent Cloud Network on Azure
      • Private Link on Azure
        • Overview
        • Inbound Private Link for Dedicated Clusters
        • Inbound Private Link for Serverless Products
        • Outbound Private Link for Dedicated Clusters
        • Outbound Private Link for Serverless Products
      • VNet Peering on Azure
    • Networking on Google Cloud
      • Overview
      • Public Networking on Google Cloud
      • Confluent Cloud Network on Google Cloud
      • Private Service Connect on Google Cloud
        • Overview
        • Inbound Private Service Connect for Dedicated Clusters
        • Inbound Private Service Connect for Serverless Products
        • Outbound Private Service Connect for Dedicated Clusters
      • VPC Peering on Google Cloud
    • Connectivity for Confluent Resources
      • Overview
      • Public Egress IP Address for Connectors and Cluster Linking
      • Cluster Linking using AWS PrivateLink
      • Follower Fetching using AWS VPC Peering
    • Use the Confluent Cloud Console with Private Networking
    • Test Connectivity
  • Log and Monitor
    • Metrics
    • Manage Notifications
    • Monitor Consumer Lag
    • Monitor Dedicated Clusters
      • Monitor Cluster Load
      • Manage Performance and Expansion
      • Track Usage by Team
    • Observability for Kafka Clients to Confluent Cloud
  • Manage Billing
    • Overview
    • Marketplace Consumption Metrics
    • Use AWS Pay As You Go
    • Use AWS Commits
    • Use Azure Pay As You Go
    • Use Azure Commits
    • Use Professional Services on Azure
    • Use Google Cloud Pay As You Go
    • Use Google Cloud Commits
    • Use Professional Services on Google Cloud
    • Marketplace Organization Suspension and Deactivation
  • Manage Service Quotas
    • Overview
    • Service Quotas
    • View Service Quotas using Confluent CLI
    • Service Quotas API
  • APIs
    • Confluent Cloud APIs
    • Kafka Admin and Produce REST APIs
    • Connect API
    • Client APIs
      • C++ Client API
      • Python Client API
      • Go Client API
      • .NET Client API
    • Provider Integration API
    • Flink REST API
    • Metrics API
    • Stream Catalog REST API Usage
    • GraphQL API
    • Service Quotas API
  • Confluent CLI
  • Release Notes & FAQ
    • Release Notes
    • FAQ
    • Upgrade Policy
    • Compliance
    • Generate a HAR file for Troubleshooting
    • Confluent AI Assistant
  • Support
  • Glossary

Use Cluster Linking on Confluent Cloud with AWS PrivateLink¶

This topic describes Network Links in Confluent Cloud. The feature is soon to be deprecated and is being replaced in AWS regions in phases.

Important

Cluster Linking between Dedicated clusters over AWS PrivateLinks no longer requires Network Links if your clusters are in the following AWS regions. And it is no longer necessary or recommended to set up Network Linking to use Cluster Linking in those regions.

  • eu-central-1
  • eu-west-1
  • eu-west-2
  • us-east-1
  • us-east-2
  • us-west-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2

If you are currently using the now legacy Network Links feature, and if you choose to continue using Network Links, you cannot set up and use Cluster Linking between AWS and Azure.

To upgrade existing Network Links, contact Confluent Support.

When you set up topic replication between two Dedicated Confluent Cloud clusters deployed with PrivateLink configuration on AWS, you need to set up and operate a replicator in your network. With Network Linking, you can enable managed topic mirroring using Cluster Linking. You can use Network Linking to create a secure path between two Dedicated Confluent Cloud clusters with private link configurations, enabling Cluster Linking operations.

A Network Link is a unidirectional link that establishes one-way connectivity from the origin network to the target network, either in the same or different cloud regions. To create bidirectional connectivity and data replication, two separate Network Links are needed.

Network Links do not incur additional charges in Confluent Cloud.

A Network Link is composed of two components: a Network Link Service and a Network Link Endpoint.

../_images/cluster-linking-network-linking.png

The target Confluent Cloud Network contains:

  • A Network Link Service

    A Network Link Service contains a list of network ID(s) and/or environment ID(s) that are allowed to establish Network Links to the target network.

    A Network Link Service can be updated with additional, different, or fewer, environment ID(s) and network ID(s) to change the allowed network topologies. If an environment or network id is removed from the list, all network links from that environment or network are terminated. A terminated Network Link will cause its Network Link Endpoint to enter the disconnected state and its cluster link(s) to stop replicating data.

  • Network Link Service Association

    A Network Link Service Association contains a list of incoming Network Link Endpoints associated with a Network Link Service.

The origin Confluent Cloud Network contains:

  • A Network Link Endpoint

    A Network Link Endpoint refers to one specific Network Link Service. It must be created after the Network Link Service.

    When the Network Link Endpoint’s status changes to READY, the Network Link has been successfully established.

Requirements¶

  • Network Links and their Cluster Links must stay within the bounds of one Confluent Cloud Organization that is authorized to incur billing charges and contains:

    • User(s) with the following RBAC roles: OrganizationAdmin, EnvironmentAdmin, or NetworkAdmin.
    • Two Dedicated Confluent Cloud clusters with AWS PrivateLink configuration in different Confluent Cloud networks (any regions).
    • Connectivity to Confluent REST API endpoints (https://api.confluent.cloud/), available over secure public endpoints) for one-time REST API calls. This can be from a personal computer, SSH session, or development instance.

  • An organization in Confluent Cloud can have a maximum of 20 Network Links.

  • Each Confluent Cloud network can have a maximum of 1 Network Link Service.

  • Each Confluent Cloud network can have a maximum of 5 Network Link Endpoints (outgoing links).

  • Each Network Link Service can have a maximum of 5 Network Link Endpoints that are referenced by Network Link Service Associations (incoming links).

    The 5 incoming Network Link Endpoints for a Network Link Service must originate from different Confluent Cloud networks; they cannot all come from the same network.

  • Cluster Linking mirroring throughput (the bandwidth used to read data or write data to your cluster) is counted against your Fixed limits and recommended guidelines.

  • The REST API calls to manage Network Linking must be authenticated using the Cloud API key and the secret.

Create a Network Link¶

Note

Currently, you can use Confluent REST API, Confluent CLI, or Terraform to create and manage Network Linking. Confluent Cloud Console is not supported to create and manage Network Linking.

You need the following information to create a Network Link:

  • Environment ID and Network ID of the origin Confluent Cloud network
  • Environment ID and Network ID of the target Confluent Cloud network

The high-level workflow to create a Network Link is:

  1. Create a Network Link Service in the target network.
  2. Verify that the Network Link Service is in the READY state.
  3. Create a Network Link Endpoint in the origin network.
  4. Verify that the Network Link Endpoint is in the READY state.

See an end-to-end example of creating and managing Network Linking using Terraform.

Create a Network Link Service¶

Create a Network Link Service in Confluent Cloud.

For details about the Network Link Service REST request, see Network Link Services.

  1. In the target network, create a Network Link Service with an accept list.

    An accept list lets what Environments or Networks are allowed to connect to this target network using the Network Link.

    REST request

    POST https://api.confluent.cloud/networking/v1/network-link-services

    REST request body

    {
    "spec":
    {
        "display_name": "<display-name>",
        "description": "<optional-description>",
        "environment":
        {
            "id": "<environment-id-this-network-link-belongs-to>"
        },
        "network":
        {
            "id": "<network-id-this-network-link-belongs-to>"
        },
        "accept": {
            "networks": [ "<list-of-allowed-network-ids>" ],
            "environments": [ "<list-of-allowed-environment-ids>" ]
        }
    }
 }

    Take note of the ID of the network_link_service in the REST API response.

Use the confluent network link service create Confluent CLI command to create a Network Link Service:

confluent network link service create  [name] [flags]

The following are the command-specific flags:

  • --network: Required. The ID of the Confluent Cloud network this service belongs to.
  • --description: The network link service description.
  • --accepted-networks: A comma-separated list of networks from which connections can be accepted.
  • --accepted-environments: A comma-separated list of environments from which connections can be accepted.

The following example command creates a Network Link Service for network “n-123456” with accepted environments “env-111111” and “env-222222”:

confluent network link service create \
  --network n-123456 \
  --description "example network link service" \
  --accepted-environments env-111111,env-222222

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

Use the confluent_network_link-service resource to create a Network Link Service.

An example snippet of Terraform configuration:

resource "confluent_environment" "development" {
  display_name = "Development"
}

resource "confluent_network" "aws-private-link" {
  display_name     = "AWS Private Link Network"
  cloud            = "AWS"
  region           = "us-east-1"
  connection_types = ["PRIVATELINK"]
  zones            = ["use1-az1", "use1-az2", "use1-az6"]
  environment {
    id = confluent_environment.development.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_network_link_service" "aws_nls" {
  display_name = "AWS Private Link network link service"
  environment {
    id = confluent_environment.development.id
  }
  network {
    id = confluent_network.aws-private-link.id
  }
  description = "Test NL service"
  accept {
    environments = ["env-5678", "env-0923"]
    networks = ["n-1234"]
  }

  lifecycle {
    prevent_destroy = true
  }
}

See an end-to-end example of creating and managing Network Linking using Terraform.


Check Network Link Service status¶

Check that the Network Link Service is in the READY state.

For details about the Network Link Service REST request, see Network Link Service Status.

REST request

GET https://api.confluent.cloud/networking/v1/network-link-services/<network-link-service-id>

Use the confluent network link service describe Confluent CLI command to create a Network Link Service:

confluent network link service describe <id> [flags]

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

The following example command describe network link service “nls-123456”.

confluent network link service describe nls-123456

Use the confluent_network_link-service resource to check the Network Link Service.

See an end-to-end example of creating and managing Network Linking using Terraform.


Create a Network Link Endpoint¶

Create a Network Link Service Endpoint in Confluent Cloud.

For details about the Network Link Endpoint REST request, see Network Link Endpoint.

In the origin network, create a Network Link Endpoint, using the network_link_service.id from the previous step.

If you don’t have this ID from the previous step, it can be retrieved by listing the Network Link Services in the target Environment or target Confluent Cloud network with the this request.

REST request

POST https://api.confluent.cloud/networking/v1/network-link-endpoints

REST request body

{
   "spec":
   {
       "display_name": "<display-name>",
       "description": "<optional-description>",
       "environment":
       {
           "id": "<environment-id-this-network-link-belongs-to>"
       },
       "network":
       {
           "id": "<network-id-this-network-link-belongs-to>"
       },
       "network_link_service":
       {
           "id": "<ID-of-created-network-link-service>"
       }
   }
}

Use the confluent network link endpoint create Confluent CLI command to create a Network Link Endpoint:

confluent network link endpoint create [name] [flags]

The following are the command-specific flags:

  • --network: Required. The ID of the Confluent Cloud network this endpoint belongs to.
  • --network-link-service: Required. The Network Link Service ID.
  • --description: The description of this Network Link Endpoint.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

The following is an example Confluent CLI command to create an AWS Network Link Endpoint for network “n-123456” and network link service “nls-abcde1”:

confluent network link endpoint create \
  --network n-123456 \
  --description "example network link endpoint" \
  --network-link-service nls-abcde1

Use the confluent_network_link_endpoint resource to create a Network Link Endpoint.

An example snippet of Terraform configuration:

resource "confluent_network_link_endpoint" "nle" {
  display_name = "nle1"
  description  = "TEST-NLE1"
  environment {
    id = "env-xyz456"
  }
  network {
    id = "n-abc123"
  }
  network_link_service {
    id = "nls-g3e1ox"
  }
}

output "network_link_endpoint" {
  value = confluent_network_link_endpoint.nle
}

See an end-to-end example of creating and managing Network Linking using Terraform.

Check Network Link Endpoint status¶

Check that the Network Link is in the READY state.

For details about the Network Link Endpoint REST request, see Network Link Endpoint Status.

REST request

GET https://api.confluent.cloud/networking/v1/network-link-endpoints/<network-link-endpoint-id>

REST response example

{
  "api_version": "networking/v1",
  "id": "nle-61ozeo",
  "kind": "NetworkLinkEndpoint",
  "metadata": {
    "created_at": "2023-03-23T16:32:29.851017Z",
    "resource_name": "crn://confluent.cloud/organization=94b47aa0-ed3a-44da-9460-6cec0c710e84/environment=env-y9z9k/network=n-pr1ml2/network-link-endpoint=nle-61ozeo",
    "self": "https://api.confluent.cloud/networking/v1/network-link-endpoints/nle-61ozeo?environment=env-y9z9k",
    "updated_at": "2023-03-23T16:36:16.46025Z"
  },

  ...

  "status": {
    "phase": "READY"
  }
}

Use the confluent network link endpoint describe Confluent CLI command to check the status of a Network Link Endpoint:

confluent network link endpoint describe <id> [flags]

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

Use the confluent_network_link_endpoint resource to check the status of a Network Link Endpoint.

See an end-to-end example of creating and managing Network Linking using Terraform.

Check Network Link Service Associations¶

You can fetch the list of incoming network link endpoints to a Network Link Service using the Network Link Service Association API.

For details, see Cloud API reference.

REST request

GET https://api.confluent.cloud/networking/v1/network-link-service-associations

REST query parameters

  • spec.network_link_service: Required. ID of the Network Link Service.
  • environment: Required. ID of the Confluent Cloud environment.

REST response example

{
  "api_version": "networking/v1",
  "id": "nle-gqz3wo",
  "kind": "NetworkLinkServiceAssociation",
  "spec": {
    ...
    "network_link_endpoint": "nle-gqz3wo",
    "network_link_service":
    {
      "environment": "env-domzy7",
      "id": "nls-6v8x5j",
    }
  }
}

Use the confluent network link service association describe Confluent CLI command to create a Network Link Service:

confluent network link service association describe <id> [flags]

The following is a command-specific flag:

  • --network-link-service: Required. The Network Link Service ID.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

Update a Network Link¶

You can update the following fields in a Network Link.

  • Network Link Service: display_name, description, accept

    Updating the accept policy to remove an existing environment or network will result in the termination of the connection.

  • Network Link Endpoint: display_name, description

Update a Network Link Service¶

Update a Network Link Service in Confluent Cloud.

REST request

PATCH https://api.confluent.cloud/networking/v1/network-link-services/<network-link-service-id>

REST request body

{
   "spec":
   {
      "display_name": "<new-display-name>",
      "description": "<new-description>",
      "accept":
      {
         "networks": [ "<updated-list-of-allowed-network-ids>" ],
         "environments": [ "<updated-list-of-allowed-environment-ids>" ]
       },
      "environment":
      {
         "id": "<environment-id-this-network-link-belongs-to>"
      }
   }
}

Use the confluent network link service update Confluent CLI command to update a Network Link Service:

confluent network link service update  [id] [flags]

The following are the command-specific flags:

  • --name: The name of the Network Link Service.
  • --description: The description of the Network Link Service.
  • --accepted-networks: A comma-separated list of networks from which connections can be accepted.
  • --accepted-environments: A comma-separated list of environments from which connections can be accepted.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

The following example Confluent CLI command updates the name and description of network link service “nls-123456”:

confluent network link service update nls-123456 \
  --name my-network-link-service \
  --description "example network link service"

The following example Confluent CLI command update the accepted environments and accepted networks of network link service “nls-123456”:

confluent network link service update nls-123456 \
  --description "example network link service" \
  --accepted-environments env-111111 \
  --accepted-networks n-111111,n-222222

Update a Network Link Endpoint¶

Create a Network Link Service Endpoint in Confluent Cloud.

REST request

PATCH https://api.confluent.cloud/networking/v1/network-link-endpoints/<network-link-endpoint-id>

REST request body

{
   "spec":
   {
      "display_name": "<new-display-name>",
      "description": "<new-description>",
      "environment":
      {
         "id": "<environment-id-this-network-link-belongs-to>"
      }
   }
}

Use the confluent network link endpoint update Confluent CLI command to update a Network Link Endpoint:

confluent network link endpoint update <id> [flags]

The following are the command-specific flags:

  • --name: The name of the Network Link Endpoint.
  • --description: The description of the Network Link Endpoint.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

The following example command updates the name and description of network link endpoint “nle-123456”:

confluent network link endpoint update nle-123456 \
  --name my-network-link-endpoint \
  --description "example network link endpoint"

Delete a Network Link¶

Deleting a Network Link will stop data replication from any cluster links that it contains (this is expected to take several minutes).

To delete a Network Link:

  1. Delete the Network Link Endpoint.
  2. Delete the Network Link Service.

Delete a Network Link Service¶

You can delete a Network Link Service that is in the READY state.

You can delete a Network Link Service only if there is no active, pending provisioning, or pending de-provisioning Network Link Endpoints is connected.

REST request

DELETE https://api.confluent.cloud/networking/v1/network-services/<network-link-service-id>

Use the confluent network link service delete Confluent CLI command to delete a Network Link Service:

confluent network link service delete <id-1> [id-2] ... [id-n] [flags]

The following is the command-specific flag:

  • --force: Skip the deletion confirmation prompt.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.

Delete a Network Link Endpoint¶

You can delete a Network Link Endpoint that is in the READY state.

REST request

DELETE https://api.confluent.cloud/networking/v1/network-link-endpoints/<network-link-endpoint-id>

Use the confluent network link endpoint delete Confluent CLI command to delete a Network Link Endpoint:

confluent network link endpoint delete <id-1> [id-2] ... [id-n] [flags]
  • --force: Skip the deletion confirmation prompt.

You can specify additional optional CLI flags described in the Confluent CLI command reference, such as --environment.


Alternatively, you can terminate a connection between two networks by updating the allowlist on the Network Link Service. Remove the ID of the Network or Environment containing the Network Link Endpoint. This is useful if the owner of the Network Link Service wants to delete the Network Link but doesn’t have access to the Network Link Endpoint. The Network Link Endpoint will enter the DISCONNECTED state, and will need to be deleted.

You cannot recover a Network Link Endpoint that is in the DISCONNECTED state. You must delete the DISCONNECTED Network Link Endpoint before you can establish a new Network Link between this permutation of networks.

Cluster Linking using Network Link¶

After the Network Link is created, you can create Cluster Links for privately networked, Dedicated Confluent Cloud clusters on AWS.

  • The origin network hosts the destination Kafka cluster.
  • The target network hosts the source Kafka cluster.

Source-initiated cluster links are not available with Network Links.

To get started, see Cluster Linking between AWS PrivateLink clusters.

Was this doc page helpful?

Give us feedback

Do you still need help?

Confluent support portal Ask the community
Thank you. We'll be in touch!
Be the first to get updates and new content

By clicking "SIGN UP" you agree that your personal data will be processed in accordance with our Privacy Policy.

  • Confluent
  • About
  • Careers
  • Contact
  • Professional Services
  • Product
  • Confluent Cloud
  • Confluent Platform
  • Connectors
  • Flink
  • Stream Governance
  • Developer
  • Free Courses
  • Tutorials
  • Event Streaming Patterns
  • Documentation
  • Blog
  • Podcast
  • Community
  • Forum
  • Meetups
  • Kafka Summit
  • Catalysts
Terms & Conditions Privacy Policy Do Not Sell My Information Modern Slavery Policy Cookie Settings Feedback

Copyright © Confluent, Inc. 2014- Apache®️, Apache Kafka®️, Kafka®️, Apache Flink®️, Flink®️, Apache Iceberg®️, Iceberg®️ and associated open source project names are trademarks of the Apache Software Foundation

On this page: