Use Static IP addresses on Confluent Cloud

Confluent Cloud provides egress static IP addresses for managed connectors and Cluster Linking. The static IP addresses are used to securely establish outbound connections to endpoints of external data sources and sinks over the public internet. Egress static IP addresses are beneficial for:

  • IP allowlisting. Adding egress static IP addresses to the allowlist of an external resource ensures that only traffic originating from a known and consistent IP address is allowed to connect to the external resource.
  • Regulatory compliance. Some organizations require that all outbound traffic is initiated from a static IP address.
  • Logging and monitoring. Egress static IP addresses can be used to identify the source of traffic in logs and metrics.

Egress static IP addresses in Confluent Cloud can be used to:

  • Establish an outbound connections to endpoints of external data sources and sinks over the public internet using Confluent Cloud managed connectors on AWS, Azure, and Google Cloud.
  • Configure the allowlist of an external resource to allow connections from Confluent Cloud services for Cluster linking on AWS.

Egress static IP addresses are not exclusive to specific Confluent Cloud accounts. All Confluent Cloud managed connectors that use the same cloud service provider and region share the same available egress static IP addresses.

Requirements

When using egress static IP addresses, you need to understand that the static IP addresses are:

  • Associated with specific cloud service providers and regions. If you change the region of a Confluent Cloud cluster, you need to update your allowlists to use the static IP addresses available for the region.
  • Egress static IP addresses are not available for clusters accessed via private networking (PrivateLink, VPC/Vnet Peering, or TGW).

List the available egress static IP addresses

You can view the list of available egress static IP addresses in the Confluent Cloud Console under the Cluster networking page for your Kafka cluster or when you add a new managed connector to a Kafka cluster.

Note that the egress static IP addresses only appear for the publically networked Kafka cluster.

On Cluster networking page

  1. Open the Confluent Cloud Console and select your Kafka cluster. The Overview page appears.
  2. Click Networking. The Cluster networking page appears.

On the Cluster networking page, the list of available egress static IP addresses appear under Egress IPs and can be copied for later use with managed connectors.

When adding a managed connector

  1. Open the Confluent Cloud Console and select your Kafka cluster. The Overview page appears.
  2. Click Cluster settings and then click Connector. The Connectors page appears.
  3. Select the managed connector that you want to add. The Add connector page appears.

When you get to the Authentication page, click Add Confluent cluster static IP addresses to your firewall’s allowlist. The list of available egress static IP addresses are listed and can be copied for later use.

Fully-managed connectors supporting egress static IP addresses

For information about using egress static IP addresses with fully-managed connectors, see Egress Static IP Addresses for Confluent Cloud Connectors.