Use Public Egress IP Addresses on Confluent Cloud for Connectors and Cluster Linking

Confluent Cloud provides public egress IP addresses for managed connectors and Cluster Linking. These IP addresses are used to establish outbound connections to the secure public endpoints of external data sources and sinks. Egress IP addresses are beneficial for:

  • IP allowlisting. Adding egress IP addresses to the allowlist of an external resource ensures that only traffic originating from a known and consistent IP address is allowed to connect to the external resource.
  • Regulatory compliance. Some organizations require that all outbound traffic is initiated from a known IP address.
  • Logging and monitoring. Egress IP addresses can be used to identify the source of traffic in logs and metrics.

Egress IP addresses in Confluent Cloud can be used to:

  • Establish outbound connections to external data sources and sinks over the internet using Confluent Cloud managed connectors on AWS, Azure, and Google Cloud.
  • Configure the allowlist of an external resource to allow connections from Confluent Cloud services for Cluster Linking on AWS.

Egress IP addresses are not exclusive to specific Confluent Cloud accounts. All Confluent Cloud managed connectors that use the same cloud service provider and region share the same available egress IP addresses.

Requirements and considerations

When using egress IP addresses, review the following requirements and considerations:

  • Public egress IP addresses are not guaranteed to be static, although Confluent makes a best effort to minimize changes.

    For details, see the FAQ.

  • The IP addresses are associated with specific cloud service providers and regions. If you change the region of a Confluent Cloud cluster, you need to update your allowlists to use the IP addresses available for the region.

  • Egress IP addresses are not available for clusters accessed via private networking (PrivateLink, VPC/VNet Peering, or TGW).

  • Azure does not support IP-based allowlisting if the managed connectors on Confluent Cloud and the Azure service reside in the same Azure region.

    For more information, see Grant access from a public IP range.

List the available egress IP addresses

Egress IP addresses appear only for publicly networked Kafka clusters.

You can view the list of available egress IP addresses in the Confluent Cloud Console under the Cluster networking page for your Kafka cluster or when you add a new managed connector to a Kafka cluster.

On the Cluster networking page:

  1. In the Confluent Cloud Console, select your Kafka cluster.
  2. Click Networking.
  3. On the Cluster networking page, the list of available egress IP addresses appears under Egress IPs and can be copied for later use with managed connectors.

When adding a managed connector:

  1. In the Confluent Cloud Console, select your Kafka cluster.
  2. Click Cluster settings, and then click Connector.
  3. On the Connectors page, select the managed connector that you want to add. The Add connector page appears.
  4. On the Authentication page, click Add Confluent cluster IP addresses to your firewall’s allowlist. The available egress IP addresses are listed and can be copied for later use.
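Because the egress IP addresses are not guaranteed to be static and differ by provider and region, the list copied from the Console should be compared with the external resource's allowlist from time to time. The following Python script is an added example, not Confluent code: it reports egress IPs the allowlist would reject, entries that no longer match any egress IP, and entries wider than a single address. The function names and all addresses (taken from documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample: egress IPs as copied from the Cluster networking page.
EGRESS_FROM_CONSOLE = """
203.0.113.10
203.0.113.11
198.51.100.7
"""

# Constructed sample: current allowlist of the external resource.
FIREWALL_ALLOWLIST = """
203.0.113.10/32
203.0.113.0/28    # wider than the egress IPs it was added for
192.0.2.44/32     # left over from a previous region
"""

def parse_entries(text):
    """Parse one IP or CIDR per line; skip blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def covers(allowed, egress):
    """True if the allowlist entry contains the egress address."""
    return allowed.version == egress.version and egress.subnet_of(allowed)

def reconcile(egress_text, allowlist_text):
    """Compare the Console's egress IP list with a firewall allowlist."""
    egress = parse_entries(egress_text)
    allowed = parse_entries(allowlist_text)
    # Egress IPs that the external resource would currently reject.
    missing = [e for e in egress if not any(covers(a, e) for a in allowed)]
    # Allowlist entries that match no current egress IP (candidates to remove).
    stale = [a for a in allowed if not any(covers(a, e) for e in egress)]
    # In-use entries that admit more addresses than the listed egress IPs.
    broad = [a for a in allowed if a.num_addresses > 1 and a not in stale]
    return {key: sorted(str(n) for n in nets) for key, nets in
            (("missing", missing), ("stale", stale), ("broad", broad))}

if __name__ == "__main__":
    for finding, entries in reconcile(EGRESS_FROM_CONSOLE, FIREWALL_ALLOWLIST).items():
        print(f"{finding}: {', '.join(entries) or 'none'}")
```

Since all managed connectors in the same provider and region share these addresses, a clean result only confirms network reachability; the external resource still needs its own authentication.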