Use VPC Peering on AWS

A VPC peering connection is a networking connection between your VPC and the Confluent Cloud network that lets the two route traffic to each other over private IPv4 addresses. Traffic stays on the AWS network instead of crossing the public internet, and the peered VPCs communicate as if they were within the same network.

For more information about VPC peering with AWS, see What Is Amazon VPC?

Prerequisites

Create a Confluent Cloud network in AWS

To create a Dedicated cluster with AWS VPC Peering, you must first create a Confluent Cloud network in the required cloud and region.

Note

You can create multiple clusters within one Confluent Cloud network. For details on default service quotas, see Network quotas.

The following information is needed to create a Confluent Cloud network:

  • Region and availability zones for the Confluent Cloud network. The Dedicated clusters created in these Confluent Cloud networks will inherit the region and availability zones.
  • CIDR block for the Confluent Cloud network. See below for the CIDR block requirements.
  • Name for the Confluent Cloud network.

Review the following requirements for CIDR block selections.

The CIDR block must be in one of the following private or reserved ranges: the RFC 1918 private networks, the RFC 6598 shared address space (100.64.0.0/10), or the RFC 2544 benchmarking range (198.18.0.0/15).

  • 10.0.0.0/8
  • 100.64.0.0/10
  • 172.16.0.0/12
  • 192.168.0.0/16
  • 198.18.0.0/15

The CIDR block cannot be any of the following:

  • 10.100.0.0/16
  • 10.255.0.0/16
  • 172.17.0.0/16
  • 172.20.0.0/16

Additional notes when selecting your CIDR block:

  • The RFC 6598 shared address space is supported on AWS.
  • Must be a /16 CIDR block.
  • Cannot be modified after the Confluent Cloud network is provisioned.
  • Must not overlap with an existing Confluent Cloud CIDR block.
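The CIDR rules above are easy to get wrong by hand. The following is an added example, not Confluent's own code, that checks a candidate block against them with Python's standard ipaddress module: the /16 size, membership in the allowed ranges, the four excluded blocks, overlap with Confluent Cloud networks you already have, and overlap with the VPCs you intend to peer (the peering procedure later on this page requires that the two CIDRs not overlap). The function name and the sample CIDRs are assumptions for illustration.

```python
"""Check a candidate Confluent Cloud network CIDR against the AWS VPC peering
rules on this page (added example, not Confluent's own code)."""
import ipaddress

# Ranges the Confluent Cloud network CIDR must fall inside: RFC 1918 private
# space, the RFC 6598 shared address space and the RFC 2544 benchmarking range.
ALLOWED_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16", "198.18.0.0/15")]

# Blocks that are never accepted even though they sit inside the allowed ranges.
RESERVED_BLOCKS = [ipaddress.ip_network(n) for n in (
    "10.100.0.0/16", "10.255.0.0/16", "172.17.0.0/16", "172.20.0.0/16")]


def check_confluent_cidr(cidr, existing_confluent_cidrs=(), peer_vpc_cidrs=()):
    """Return the list of rule violations for `cidr`; an empty list means usable.

    existing_confluent_cidrs: CIDRs of Confluent Cloud networks you already have.
    peer_vpc_cidrs: CIDRs of the VPCs you intend to peer with this network.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:  # e.g. host bits set, or not a CIDR at all
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["must be an IPv4 block"]

    problems = []
    if net.prefixlen != 16:
        problems.append(f"must be a /16, got /{net.prefixlen}")
    if not any(net.subnet_of(allowed) for allowed in ALLOWED_RANGES):
        problems.append("must lie inside one of the allowed private ranges")
    for blocked in RESERVED_BLOCKS:
        if net.overlaps(blocked):
            problems.append(f"overlaps reserved block {blocked}")
    for other in existing_confluent_cidrs:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps existing Confluent Cloud network {other}")
    for peer in peer_vpc_cidrs:
        if net.overlaps(ipaddress.ip_network(peer)):
            problems.append(f"overlaps peer VPC {peer}; peered traffic could not be routed")
    return problems


if __name__ == "__main__":
    # Sample candidates (constructed); the peer VPC CIDR is the one you will
    # enter later as "AWS VPC CIDR" when creating the peering connection.
    for candidate in ("10.10.0.0/16", "10.100.0.0/16", "192.168.5.0/24", "8.8.0.0/16"):
        print(candidate, check_confluent_cidr(candidate, peer_vpc_cidrs=["172.31.0.0/16"]) or "ok")
```

Run the check with the CIDR of every VPC you plan to peer, not just the first one: a Confluent Cloud network CIDR cannot be changed after provisioning, so an overlap discovered later means creating a new network.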

To create the network in the Confluent Cloud Console:

  1. In the Confluent Cloud Console, go to the Network management page for your environment.
  2. Click Create your first network if this is the first network in your environment, or click + Add Network if your environment has existing networks.
  3. Select AWS as the cloud service provider and select the geographic region in Region.
  4. Select the VPC Peering connectivity type, enter the Zone Placement and the CIDR for Confluent Cloud, and then click Continue.
  5. Specify a Network Name, review your configuration, and click Create Network.

In most cases, creating a Confluent Cloud network takes 15 to 20 minutes. Note the Confluent Cloud network ID from the response; you will need it in the later steps.

After successfully provisioning the Confluent Cloud network, you can add Dedicated clusters within your Confluent Cloud network by using either of the following procedures:

Create a VPC peering connection

Follow this procedure to create a VPC peering connection to a Confluent Cloud network on AWS using the Confluent Cloud Console or REST APIs.

The following information is required:

  • The AWS account ID that owns the VPC you are peering with the Confluent Cloud network.
  • The ID of the VPC you are peering with the Confluent Cloud network.
  • The CIDR block of the VPC you are peering with the Confluent Cloud network. The Confluent Cloud network uses it to route traffic back to your network.
  • The CIDR block must be a private range and must not overlap with the Confluent Cloud CIDR block.
  • You might need to increase your AWS route-table quota when you use VPC peering: each peering connection consumes a route in the route tables on both sides, and the AWS default quota is 50 routes per route table.

A Confluent Cloud network can have multiple VPC peering connections. For information about limits, see Kafka cluster quotas.

  1. In the Confluent Cloud Console, go to your Confluent Cloud network resource and click + VPC Peering.

  2. Enter Name, AWS Account Number, AWS VPC ID, and AWS VPC CIDR, and click Add. Provisioning the peering connection takes a few minutes. Its status in the Confluent Cloud Console transitions from “Provisioning” to “Inactive”, which means Confluent Cloud has sent the peering request and is waiting for you to accept it in AWS.

  3. When the connection status is “Inactive” in the Confluent Cloud Console, go to the Amazon VPC Console and accept the peering request. Before accepting, confirm that the request is the one you expect: its accepter VPC is the VPC ID you entered, and its requester CIDR matches the Confluent Cloud network CIDR shown in Network Overview. You have seven days to accept the request before it expires. For details on accepting peering connections, see Create and accept VPC peering connections in the AWS documentation.

    Tip

    If your request has expired, contact Confluent to resend the request. After you have accepted the peering request, the status of the peering connection will change to “Active”.

  4. Add the new peering connection to the route table for your VPC in the AWS Management Console. For details on updating route tables, see the AWS documentation.

    1. Go to the VPC section of the AWS Management Console and click Route Tables.
    2. Select the route table for your VPC and click Edit routes.
    3. Click Add route.
    4. Add the Confluent Cloud network VPC CIDR block to the Destination column. You can find the Confluent Cloud network VPC CIDR block in the Network Overview of your Confluent Cloud network.
    5. Add the AWS Peering Connection ID to the Target column. This value is prefixed with pcx-.
    6. Click Save routes.

When you are done, the VPC peering status should display “Active” in the Confluent Cloud Console.
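Steps 3 and 4 above can be scripted so that the peering request is checked before anything is accepted. The following is an added example, not Confluent's or AWS's code: it inspects the JSON that `aws ec2 describe-vpc-peering-connections` returns, refuses to accept a connection that is not pending acceptance, not attached to your VPC, or not coming from the Confluent Cloud network CIDR, and only then accepts the request and adds the route. It drives the AWS CLI through subprocess so it needs no third-party library. The resource IDs in the sample document are constructed placeholders, and the function names are assumptions for illustration.

```python
"""Verify a pending VPC peering request against the Confluent Cloud network
details, then accept it and add the return route (added example, not
Confluent's or AWS's own code). Identifiers below are constructed placeholders."""
import json
import subprocess

# Constructed sample shaped like describe-vpc-peering-connections output for a
# request Confluent Cloud has sent to our VPC. Status.Code "pending-acceptance"
# is what the Confluent Cloud Console shows as "Inactive".
SAMPLE_DESCRIBE = {"VpcPeeringConnections": [{
    "VpcPeeringConnectionId": "pcx-0123456789abcdef0",
    "Status": {"Code": "pending-acceptance"},
    "RequesterVpcInfo": {"OwnerId": "444455556666", "VpcId": "vpc-0aaaabbbbccccdddd",
                         "CidrBlock": "10.10.0.0/16", "Region": "us-west-2"},
    "AccepterVpcInfo": {"OwnerId": "111122223333", "VpcId": "vpc-0eeeeffff00001111",
                        "CidrBlock": "172.31.0.0/16", "Region": "us-west-2"},
}]}


def check_peering_request(describe_output, pcx_id, my_vpc_id, confluent_cidr):
    """Return the reasons NOT to accept `pcx_id`; an empty list means accept.

    my_vpc_id is the VPC ID you entered in the Confluent Cloud Console and
    confluent_cidr is the network CIDR shown in its Network Overview.
    """
    conns = [c for c in describe_output.get("VpcPeeringConnections", [])
             if c.get("VpcPeeringConnectionId") == pcx_id]
    if len(conns) != 1:
        return [f"expected exactly one connection named {pcx_id}, found {len(conns)}"]
    conn = conns[0]
    problems = []
    status = conn.get("Status", {}).get("Code")
    if status != "pending-acceptance":
        problems.append(f"status is {status!r}, not pending-acceptance")
    accepter = conn.get("AccepterVpcInfo", {}).get("VpcId")
    if accepter != my_vpc_id:
        problems.append(f"accepter VPC is {accepter}, not our VPC {my_vpc_id}")
    requester_cidr = conn.get("RequesterVpcInfo", {}).get("CidrBlock")
    if requester_cidr != confluent_cidr:
        problems.append(f"requester CIDR {requester_cidr} does not match "
                        f"the Confluent Cloud network CIDR {confluent_cidr}")
    return problems


def aws(*args):
    """Run one AWS CLI command and return its parsed JSON output (or {} if empty)."""
    proc = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout) if proc.stdout.strip() else {}


def accept_and_route(pcx_id, my_vpc_id, confluent_cidr, route_table_id):
    """Steps 3 and 4: accept the request, then route the Confluent Cloud CIDR
    through the peering connection. Stops before accepting if a check fails.
    Returns the connection's status code after acceptance."""
    described = aws("ec2", "describe-vpc-peering-connections",
                    "--vpc-peering-connection-ids", pcx_id)
    problems = check_peering_request(described, pcx_id, my_vpc_id, confluent_cidr)
    if problems:
        raise SystemExit(f"refusing to accept {pcx_id}: " + "; ".join(problems))
    aws("ec2", "accept-vpc-peering-connection", "--vpc-peering-connection-id", pcx_id)
    aws("ec2", "create-route", "--route-table-id", route_table_id,
        "--destination-cidr-block", confluent_cidr,
        "--vpc-peering-connection-id", pcx_id)
    after = aws("ec2", "describe-vpc-peering-connections",
                "--vpc-peering-connection-ids", pcx_id)
    return after["VpcPeeringConnections"][0]["Status"]["Code"]


if __name__ == "__main__":
    # Offline check against the constructed sample. A real run would be
    # accept_and_route("pcx-...", "vpc-...", "10.10.0.0/16", "rtb-...").
    print(check_peering_request(SAMPLE_DESCRIBE, "pcx-0123456789abcdef0",
                                "vpc-0eeeeffff00001111", "10.10.0.0/16") or "ok to accept")
```

The check matters because an accepted peering connection plus a route makes the peer's whole CIDR reachable from your VPC; accepting only a request whose requester CIDR equals the Confluent Cloud network CIDR keeps that to the network you provisioned. Run `create-route` once per route table that needs to reach the cluster, and expect the Confluent Cloud Console to show “Active” shortly after acceptance.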