Service Quotas for Confluent Cloud¶
There is a maximum quantity of resources and operations that can be used by organizations, environments, accounts, networks, and clusters in Confluent Cloud. These service quotas, or default limits, enable Confluent to manage the availability and scalability of Confluent Cloud resources.
In the sections below, the service quotas are grouped by resource scope that they apply to. Some resource limits are different for different scopes.
The default limits are usually adequate for most use cases, but if your requirements exceed the default limits, you can request increases for many of the default limits. For service quotas that have a quota code (ID) listed below, you use the use the Quotas API to get the current values.
Note
All Confluent Cloud resources have hard thresholds that cannot be exceeded, but many of the default quotas can be increased based on your changing requirements. To request an increase for a quota, contact Confluent Support.
Client quotas define throughput limits for specific principals on Dedicated Clusters. For more information about client quotas, see Multi-tenancy and Client Quotas on Confluent Cloud.
Service quota notifications¶
You can manage notifications for service quota events with the Confluent Cloud Console or with the REST API. For more information, see Notifications for Confluent Cloud.
Confluent Cloud service quota notification thresholds are as follows:
| Usage (% quota) | Notification level |
|---|---|
| 50 | Information |
| 90 | Warning |
| 100 | Critical |
When notifications are enabled for a given notification level, you get notifications for each quota that exceeds the relevant notification threshold (50%, 90%, or 100% usage).
Note
Only quotas that have usage data available are eligible for notifications.
Notifications are sent only for exceeding a notification threshold, not for dipping beneath a threshold.
Usage data is returned only if there has been non-zero usage. To see if a service quota generates usage data that can be used for notifications, review the Usage data available column in the tables below.
Service quotas¶
The following tables list the service quotas for Confluent Cloud resources by scope. Some resources have different limits for different scopes. For example, the maximum number of Kafka clusters is 20 per environment, but is 100 per organization.
Note
If a service quota does not have a quota code (ID), you cannot determine the current, applied limit using the Quotas API. To get the current applied limit for a service quota that does not have a quota code, contact Confluent Support.
Organization¶
Each service quota listed below applies to the scope of one Confluent Cloud organization.
To get the current applied limits for an organization, see Quotas API.
Important
The RBAC role bindings (for organization plus environments) limit in the Organization scope includes the total of role bindings for the organization plus the role bindings for the environments within that organization, but excludes the limits for Kafka clusters, ksqlDB clusters, and connectors.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| Audit Log API keys | 2 | iam.max_audit_log_api_keys.per_org |
|
| Cloud API keys | 1000 | iam.max_cloud_api_keys.per_org |
✔ |
| Self-managed (BYOK) encryption keys | 20 | byok.max_keys.per_org |
|
| Environments | 25 | iam.max_environments.per_org |
✔ |
| Identity providers (OAuth) | 5 | iam.max_identity_providers.per_organization |
|
| Single sign-on (SSO) group mappings | 10 | iam.max_group_mappings.per_organization |
|
| Kafka clusters | 100 | iam.max_kafka_clusters.per_org |
✔ |
| RBAC role bindings (organization plus environments, includes Schema Registry RBAC roles) | 1000 | iam.max_rbac_role_bindings.per_org_plus_envs |
|
| Service accounts | 1000 | iam.max_service_accounts.per_org |
✔ |
| User accounts (active and invited) | 500 | iam.max_users.per_org |
✔ |
| Stream Designer pipelines | 100 | sd.max_pipelines.per_organization |
|
| Custom connector plugins | 100 | ||
| Custom connectors | 30 |
Environment¶
Each service quota listed below applies to the scope of one Confluent Cloud environment. For the limit on the number of environments, see Organization scope.
To get the current applied limits for an environment, see Quotas API.
Important
The RBAC role bindings (for organization plus environments) limit in the Organization scope includes the total of role bindings for the organization plus the role bindings for the environments within that organization, but excludes the limits for Kafka clusters, ksqlDB clusters, and connectors.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| Kafka clusters | 20 | kafka.max_kafka_clusters.per_env |
✔ |
| Kafka clusters (pending) | 3 | kafka.max_pending_kafka_clusters.per_env |
|
| Kafka cluster CKUs | 50 | kafka.max_ckus.per_env |
✔ |
| ksqlDB clusters | 10 | ksql.max_apps.per_env |
|
| Data Governance clusters | 1 | n/a
|
Network¶
Each service quota listed below applies to the scope of one Confluent Cloud network. For more information about AWS PrivateLink attachments, see AWS PrivateLink for Enterprise Clusters.
To get the current applied limits for an organization, see Quotas API.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| Networks | 3 | networking.max_network.per_environment |
✔ |
| Kafka clusters | 10 | n/a | |
| Kafka cluster CKUs | 72 | n/a | |
| Peering | 25 | networking.max_peering.per_network |
✔ |
| AWS PrivateLink account accesses (unlimited connections) | 10 | networking.max_private_link.per_network |
✔ |
| Azure Private Link subscription accesses (unlimited connections) | 10 | networking.max_private_link.per_network |
✔ |
| Google Cloud Private Service Connect project accesses (unlimited connections) | 10 | networking.max_private_link.per_network |
✔ |
| Transit gateways | 1 | networking.max_transit_gateway.per_network |
✔ |
| AWS PrivateLink Attachments per environment for Enterprise | 3 | n/a | |
| AWS PrivateLink Attachment connections per AWS PrivateLink Attachment for Enterprise | 10 | n/a |
Kafka Cluster¶
Each service quota listed below applies to the scope of one Kafka cluster. For the limit on the number of Kafka clusters, see the scopes for Organization and Environment.
To get the current applied limits for a Kafka cluster, see Quotas API.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| E-CKUs | 5 | n/a | |
| CKUs (for credit card billing) | 4 (Incrementally increasable to 100) | kafka.max_ckus.per_cluster |
|
| CKUs (for integrated cloud provider billing or invoice payments) | 24 (Incrementally increasable to 100) | kafka.max_ckus.per_cluster |
|
| API keys (for Dedicated Kafka cluster) | 2000 | kafka.max_api_keys.per_cluster |
✔ |
| API keys (for Enterprise Kafka cluster) | 500 | kafka.max_api_keys.per_cluster |
✔ |
| API keys (for Standard Kafka cluster) | 100 | kafka.max_api_keys.per_cluster |
✔ |
| API keys (for Basic Kafka cluster) | 50 | kafka.max_api_keys.per_cluster |
✔ |
| Connector tasks | 250 | n/a | |
| ACLs (for each Dedicated Kafka cluster) | 10000 | n/a | |
| ACLs (for each Enterprise Kafka cluster) | 4000 | n/a | |
| ACLs (for each Basic and Standard Kafka cluster) | 1000 | n/a | |
| RBAC role bindings | 500 | iam.max_rbac_role_bindings.per_cluster |
Service Account¶
Each service quota listed below applies to the scope of one service account. For the limit on the number of service accounts, see Organization scope.
To get the current applied limits for an organization, see Quotas API.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| Cloud API keys | 10 | iam.max_cloud_api_keys.per_service_account |
✔ |
| Cluster API keys | 10 | iam.max_cluster_api_keys.per_service_account |
✔ |
User Account¶
Each service quota listed below applies to the scope of one user account. For the limit on the number of user accounts, see Organization scope.
To get the current applied limits for an organization, see Quotas API.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| Cloud API keys | 10 | iam.max_cloud_api_keys.per_user |
✔ |
| Cluster API keys | 10 | iam.max_cluster_api_keys.per_user |
✔ |
Identity provider (OAuth)¶
Each service quota listed below applies to the scope of one Confluent Cloud identity provider. For the limit on the number of OAuth identity providers, see Organization scope.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| Identity pools | 100 | n/a
|
ksqlDB cluster¶
Each service quota listed below applies to the scope of one ksqlDB cluster. For the limit on the number of ksqlDB clusters, see Organization scope.
| Resource | Quota (default) | Quota code (ID) | Usage data available |
|---|---|---|---|
| CSUs | 12 | n/a | |
| Persistent queries | 40 | n/a |