Service Quotas API for Confluent Cloud¶
Use the Service Quotas API to discover default quota limits, applied quotas, and
your current usage of Confluent Cloud resources. You can query for quotas at different
scopes, like organization
, environment
, and Kafka cluster
.
Note
Some service quotas show only applied limits, not usage.
For more information on default limit values and usage availability, see Service Quotas for Confluent Cloud.
Important
The code examples below use jq
to filter and transform JSON data into a
more readable format. For more information, see jq (README).
Get an API key and secret¶
To communicate with the Service Quotas API, you need a Confluent Cloud API key (resource-scoped for resource management) and API secret. You can generate an API key pair by using the Confluent CLI or Cloud Console.
Log in by using the confluent login command with your credentials.
Run the following command to create the API key and secret.
confluent api-key create --resource cloud --description <key_description>
Your output should resemble:
It may take a couple of minutes for the API key to be ready. Save the API key and secret. The secret is not retrievable later. +---------+------------------------------------------------------------------+ | API Key | 4U5U9B0BIMPSXIXX | | Secret | 7oNqCMSI890Ay7CeGBoBDoBBsSttOMJ5oFUwwkhj7g7MlS3p01c99C6ao84pQb8X | +---------+------------------------------------------------------------------+
For more information, see Add an API key.
- In Cloud Console, open the Administration menu and click API keys, or go to https://confluent.cloud/settings/api-keys.
- Click Add key and follow the instructions.
For more information, see Manage API Keys in Confluent Cloud.
After you generate the API key and API secret, save them in a safe and secure location. All calls to the Quotas API require them for authentication.
Note
An API key resource-scoped for resource management is distinct from an API key resource-scoped for an Kafka cluster. You can’t use a cluster’s API key to call Confluent Cloud APIs.
Service Quotas API endpoints¶
You can query for limits that apply currently to the following scopes.
Scope parameter | Description |
---|---|
organization |
Limits applied to organizations |
user_account |
Limits for user accounts |
service_account |
Limits for service principal accounts |
environment |
Limits applied to environments in an organization |
kafka_cluster |
Limits applied to Kafka clusters |
network |
Limits applied to networks |
Access the Service Quotas API by making requests to the following endpoints.
- Scopes
Get the available scopes that quotas apply to.
https://api.confluent.cloud/service-quota/v1/scopes
- Organization
Get the limits that are applied to organizations.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization
- Service account
Get the limits that are applied to service principal accounts.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=service_account
- User account
Get the limits that are applied to user accounts.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=user_account
- Environment
Get the limits that are applied to your environments.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment
- Kafka Cluster
Get the limits that are applied to your Kafka clusters.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=kafka_cluster
- Network
Get the limits that are applied to your networks.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=network
Query a Service Quotas endpoint¶
Requests to the Service Quotas API have two possible request formats.
List of quotas: Use the following format to retrieve a list of applied quotas:
https://api.confluent.cloud/service-quota/v1/applied-quotas?<param1>=<value1>&<param2>=<value2>&...
For example, the following request gets a list of all applied quotas in your environment:
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment
List requests require the
scope
parameter and may have optional parameters, likepage_size
.Single quota: Use the following format to read a particular applied quota:
https://api.confluent.cloud/service-quota/v1/applied-quotas/<quota-id>?<param1>=<value1>&<param2>=<value2>&...
For example, to get the quota for the maximum number of Kafka clusters in a specific environment, provide the
kafka.max_kafka_clusters.per_env
quota ID and the environment ID:https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env-id>
A request to read a specific quota must specify a combination of identifiers for the environment, cluster, or network, depending on the context.
In a command shell, you can access the endpoints by using the curl
command.
Use the API key and API secret that you saved earlier as the user name and
password for the --user
option. Remember to separate them with the :
character.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?<param1>=<value1>&<param2>=<value2>&...' \
--user '<api-key>:<api-secret>'
The response is JSON, so you can use tools like jq
to get the quota values
and metadata, like page tokens.
Note
- The Applied Quotas response objects have a field named
usage
that appears only if the requested quota supports usage data. If the quota doesn’t support usage data, nousage
attribute is returned in the response body.
Paged responses¶
For long lists of quotas, you can request paged responses. For example, the
following request specifies a page_size
of 2.
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization&page_size=2
The JSON response has a next
key that has a URL to request the next page of
results. The following command shows how to use jq
to extract the key so
you can use it in your next request.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization&page_size=2' \
--user '<api-key>:<api-secret>' \
| jq '.metadata | {next}'
Your output should resemble:
{
"next": "https://api.confluent.cloud/service-quota/v1/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0="
}
Use the full next
URL in another request to get the next page:
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?page_token=eyBOB29wZSI6Im9yZ2FuaXphdGlvBiIsIklkIjoiaWFtLm1heF9rYWZrYV9jbHVzdGVycy5wZXJfb3JnIiwiRW52aXJvbm1lbnQiOiIiLCJLYWZrYUNsdXN0ZXIiOiIiLCJQYWdlU2l6ZSI6OiwiRW52aXJvbm1lbnRGaWx0ZXIiOiIiLCJDbHVzdGVyRmlsdGVyIjoiIn0=' \
--user '<api-key>:<api-secret>'
RBAC Model¶
If the API Key owner has the OrganizationAdmin
role, they can see all
available quotas.
If the API Key owner is an EnvironmentAdmin
, ClusterAdmin
, or
NetworkAdmin
, they can see only quotas that are relevant to the specific
environment, cluster, or network their roles allow them access to.
To query quotas from the user_account
or service_account
scope,
you must be an OrganizationAdmin
.
A user can only query quotas for their own user account.
The only way to query quotas for a group of service accounts is to make a GET call to the service_account endpoint, which returns the full list of quotas associated with each service account.
Example requests¶
The following example commands show how to query for many of the applied quota limits, but they don’t comprise an exhaustive list.
Filtering¶
- When querying quotas in the
kafka_cluster
scope, onlykafka_cluster
,environment
, andid
(quota code) filters can be specified. - When querying quotas in the
network
scope, onlynetwork
,environment
, andid
(quota code) filters can be specified. - When querying quotas in the
environment
scope, only theenvironment
andid
(quota code) filters can be specified. - When querying quotas in the
organization
,user_account
, orservice_account
scopes, only theid
(quota code) filter can be specified. - On a
LIST
call where theid
(quota code) filter value is valid, but not for the specified scope, the result is a400
error. - On a
LIST
call where theid
(quota code) filter is invalid, the result is a400
error.
Query for scopes¶
Run the following command to query for the available quota scopes.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/scopes' \
--user '<api-key>:<api-secret>'
| jq '.data[] | {id}'
Your output should resemble:
{
"id": "user_account"
}
{
"id": "service_account"
}
{
"id": "organization"
}
{
"id": "environment"
}
{
"id": "network"
}
{
"id": "kafka_cluster"
}
You use the id
string for the scope
parameter in requests to the
applied-quotas
endpoint. For example, the following request gets the
active quotas for your environments:
https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment
Organization quotas¶
The following table shows the quotas that you can get for the Organization scope. For default values, see Organization.
Quota (maximum number) | Service quotas code |
---|---|
Environments per organization | iam.max_environments.per_org |
RBAC role bindings (total) | iam.max_rbac_role_bindings_all_roles.per_org |
RBAC role bindings (with Kafka permissions) | iam.max_rbac_role_bindings.per_org_plus_envs |
Kafka clusters per organization | iam.max_kafka_clusters.per_org |
API keys per organization | iam.max_cloud_api_keys.per_org |
BYOK keys per organization | byok.max_keys.per_org |
User accounts per organization | iam.max_users.per_org |
Invitations per organization | iam.max_pending_invitations.per_org |
Service accounts per organization | iam.max_service_accounts.per_org |
Audit log consumer API keys per organization | iam.max_audit_log_api_keys.per_org |
Kafka cluster provisioning requests per day | kafka.max_kafka_creation.per_day |
The following command requests all of the quotas that apply to organizations.
Also, it uses jq
to filter the JSON response and show the display name,
ID, and current value for each quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=organization' \
--user '<api-key>:<api-secret>' \
| jq '.data[] | {display_name,id,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max BYOK keys per organization",
"id": "byok.max_keys.per_org",
"applied_limit": 20,
"usage": 5
}
{
"display_name": "Max Audit Log API Keys Per Organization",
"id": "iam.max_audit_log_api_keys.per_org",
"applied_limit": 2
}
{
"display_name": "Max Cloud API Keys Per Organization",
"id": "iam.max_cloud_api_keys.per_org",
"applied_limit": 1000,
"usage": 510
}
{
"display_name": "Max Environments Per Organization",
"id": "iam.max_environments.per_org",
"applied_limit": 25,
"usage": 11
}
{
"display_name": "Max Kafka Clusters Per Organization",
"id": "iam.max_kafka_clusters.per_org",
"applied_limit": 100,
"usage": 56
}
{
"display_name": "Max Service Accounts Per Organization",
"id": "iam.max_service_accounts.per_org",
"applied_limit": 100,
"usage": 83
}
{
"display_name": "Max Users Per Organization",
"id": "iam.max_users.per_org",
"applied_limit": 1000,
"usage": 753
}
{
"display_name": "Max Kafka Cluster Provisioning Requests Per Day",
"id": "kafka.max_kafka_creation.per_day",
"applied_limit": 10
}
Max BYOK keys per organization¶
The following command requests the byok.max_keys.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/byok.max_keys.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit}'
Your output should resemble:
{
"display_name": "Max BYOK keys per organization",
"applied_limit": 20
}
Max API keys scoped for resource management for an organization¶
The following command requests the iam.max_cloud_api_keys.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Cloud API Keys Per Organization",
"applied_limit": 1000,
"usage": 682
}
Max environments for an organization¶
The following command requests the iam.max_environments.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_environments.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Environments Per Organization",
"applied_limit": 25,
"usage": 16
}
Max Kafka clusters for an organization¶
The following command requests the iam.max_kafka_clusters.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_kafka_clusters.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Kafka Clusters Per Organization",
"applied_limit": 50,
"usage": 44
}
Max service accounts for an organization¶
The following command requests the iam.max_service_accounts.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_service_accounts.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Service Accounts Per Organization",
"applied_limit": 100,
"usage": 83
}
Max user accounts for an organization¶
The following command requests the iam.max_users.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_users.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Users Per Organization",
"applied_limit": 1000,
"usage": 753
}
Max pending invitations for an organization¶
The following command requests the iam.max_pending_invitations.per_org
quota.
Replace <api-key> and <api-secret> with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_pending_invitations.per_organization' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max pending invitations per organization",
"applied_limit": 150
}
Max audit log consumer API keys per organization¶
The following command requests the iam.max_audit_log_api_keys.per_org
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_audit_log_api_keys.per_org' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit}'
Your output should resemble:
{
"display_name": "Max Audit Log API Keys Per Organization",
"applied_limit": 2
}
Max Kafka cluster provisioning requests per day¶
The following command requests the kafka.max_kafka_creation.per_day
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_creation.per_day' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit}'
Your output should resemble:
{
"display_name": "Max Kafka Cluster Provisioning Requests Per Day",
"applied_limit": 10
}
Service account quotas¶
The following table shows the quotas that you can get for the Service account scope. For default values, see Service accounts.
Quota (maximum number) | Service Quotas code |
---|---|
Confluent Cloud API keys | iam.max_cloud_api_keys.per_service_account |
Kafka API keys | iam.max_cluster_api_keys.per_service_account |
The following command requests all of the quotas that apply to service accounts.
Also, it uses jq
to filter the JSON response and show the display name, ID,
and current value for each quota.
Note
- The response includes quotas for all service accounts.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=service_account' \
--user '<api-key>:<api-secret>' \
| jq '.data[] | {display_name,id,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Cloud API Keys Per Service Account",
"id": "iam.max_cloud_api_keys.per_service_account",
"applied_limit": 10,
"usage": 5
}
{
"display_name": "Max Kafka API Keys Per Service Account",
"id": "iam.max_cluster_api_keys.per_service_account",
"applied_limit": 10,
"usage": 8
}
Maximum API keys scoped for resource management per service account¶
The following command requests the iam.max_cloud_api_keys.per_service_account
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_service_account' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Cloud API Keys Per Service Account",
"applied_limit": 100,
"usage": 50
}
Max Kafka API keys per service account¶
The following command requests the iam.max_cluster_api_keys.per_service_account
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cluster_api_keys.per_service_account' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Kafka API Keys Per Service Account",
"applied_limit": 100,
"usage": 80
}
User account quotas¶
The following table shows the quotas that you can get for the User account scope. For default values, see User accounts.
Quota (maximum number) | Service Quotas code |
---|---|
Confluent Cloud API keys | iam.max_cloud_api_keys.per_user |
Cluster API keys | iam.max_cluster_api_keys.per_user |
The following command requests all of the quotas that apply to user accounts.
Also, it uses jq
to filter the JSON response and show the display name, ID,
and current value for each quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=user_account' \
--user '<api-key>:<api-secret>' \
| jq '.data[] | {display_name,id,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Cloud API Keys Per User",
"id": "iam.max_cloud_api_keys.per_user",
"applied_limit": 10,
"usage": 5
}
{
"display_name": "Max Cluster API Keys Per User",
"id": "iam.max_cluster_api_keys.per_user",
"applied_limit": 10,
"usage": 8
}
Maximum API keys scoped for resource management per user¶
The following command requests the iam.max_cloud_api_keys.per_user
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_user' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Cloud API Keys Per User Account",
"applied_limit": 10,
"usage": 5
}
Max Cluster API keys per user¶
The following command requests the iam.max_cloud_api_keys.per_user
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/iam.max_cloud_api_keys.per_user' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max Cluster API Keys Per User Account",
"applied_limit": 10,
"usage": 8
}
Environment quotas¶
The following table shows the quotas that you can get for the Environment scope. For default values, see Environments.
Quota (maximum number) | Service Quotas code |
---|---|
Kafka clusters per environment | kafka.max_kafka_clusters.per_env |
Pending Kafka clusters per environment | kafka.max_pending_kafka_clusters.per_env |
Kafka cluster CKUs per environment | kafka.max_ckus.per_env |
ksqlDB clusters per environment | ksql.max_apps.per_env |
The following command requests all of the quotas that are active in your
environment. Also, it uses jq
to filter the JSON response and show the
display name, ID, and current value for each quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=environment' \
--user '<api-key>:<api-secret>' \
| jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit,usage}'
Your output should resemble:
"Environment"
"env-abc123"
{
"display_name": "Max Kafka Cluster CKUs Per Environment",
"id": "kafka.max_ckus.per_env",
"applied_limit": 50,
"usage": 30
}
"Environment"
"env-abc123"
{
"display_name": "Max Kafka Clusters Per Environment",
"id": "kafka.max_kafka_clusters.per_env",
"applied_limit": 20,
"usage": 10
}
"Environment"
"env-abc123"
{
"display_name": "Max Pending Kafka Clusters Per Environment",
"id": "kafka.max_pending_kafka_clusters.per_env",
"applied_limit": 3
}
"Environment"
"env-abc123"
{
"display_name": "Max Ksql Apps Per Environment",
"id": "ksql.max_apps.per_env",
"applied_limit": 3
}
"Environment"
"env-abc123"
{
"display_name": "Max network per environment",
"id": "networking.max_network.per_environment",
"applied_limit": 3,
"usage": 1
}
Get your environment ID¶
Environment quota endpoints require the environment ID. You can get it from
the Cloud Console, or you can use the confluent environment list
command.
Run the following command to get a list of your Confluent Cloud environments.
confluent environment list
Your output should resemble:
Id | Name
---------------+----------
* env-abc123 | default
In Cloud Console, open the Administration menu and click Settings, or go to https://confluent.cloud/settings/user-settings/identity.
Click Access, and in the Organization list, click your environment. The environment ID is shown in the details pane.
Save the environment ID in a safe and secure location.
Max clusters for an environment¶
The following command requests the kafka.max_kafka_clusters.per_env
quota.
Replace <env-id>
, <api-key>
, and <api-secret>
with the values you
saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_kafka_clusters.per_env?environment=<env-id>' \
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,{display_name,applied_limit,usage}'
Your output should resemble:
"Environment"
"env-abc123"
{
"display_name": "Max Kafka Clusters Per Environment",
"applied_limit": 20,
"usage": 10
}
Max cluster CKUs for an environment¶
The following command requests the kafka.max_ckus.per_env
quota.
Replace <env-id>
, <api-key>
, and <api-secret>
with the values you
saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_ckus.per_env?environment=<env-id>' \
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,{display_name,applied_limit,usage}'
Your output should resemble:
"Environment"
"env-abc123"
{
"display_name": "Max Kafka Cluster CKUs Per Environment",
"applied_limit": 50,
"usage": 30
}
Max pending clusters for an environment¶
The following command requests the kafka.max_pending_kafka_clusters.per_env
quota. Replace <env-id>
, <api-key>
, and <api-secret>
with the values
you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_pending_kafka_clusters.per_env?environment=<env-id>'
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,{display_name,applied_limit}'
Your output should resemble:
"Environment"
"env-abc123"
{
"display_name": "Max Pending Kafka Clusters Per Environment",
"applied_limit": 3
}
Max ksqlDB clusters for an environment¶
The following command requests the ksql.max_apps.per_env
quota. Replace <env-id>
, <api-key>
, and <api-secret>
with the
values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/ksql.max_apps.per_env?environment=<env-id>'
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,{display_name,applied_limit}'
Your output should resemble:
"Environment"
"env-abc123"
{
"display_name": "Max Ksql Apps Per Environment",
"applied_limit": 10
}
Kafka cluster quotas¶
The following table shows the quotas that you can get for the Kafka cluster scope. For default values, see Kafka clusters.
Quota (maximum number) | Service Quotas code |
---|---|
(Dedicated) Kafka API keys | kafka.max_api_keys.per_cluster |
(Enterprise) Kafka API keys | kafka.max_api_keys.per_cluster |
(Standard) Kafka API keys | kafka.max_api_keys.per_cluster |
(Basic) Kafka API keys | kafka.max_api_keys.per_cluster |
Accounts that can create PrivateLink connections to the cluster | kafka.max_private_links.per_cluster |
Peering connections | kafka.max_peering.per_cluster |
CKUs | kafka.max_ckus.per_cluster |
RBAC role bindings (with Kafka permissions) | iam.max_rbac_role_bindings.per_cluster |
Note
- The API keys quotas include keys owned by user accounts and by service accounts.
- The response includes quotas for all clusters.
The following command requests all of the quotas that apply to Kafka clusters.
Also, it uses jq
to filter the JSON response and show the display name,
ID, and current value for each quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=kafka_cluster' \
--user '<api-key>:<api-secret>' \
| jq '.data[] | {display_name,id,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max API Keys Per Kafka Cluster",
"id": "kafka.max_api_keys.per_cluster",
"applied_limit": 100,
"usage": 50
}
{
"display_name": "Max CKUs Per Kafka Cluster",
"id": "kafka.max_ckus.per_cluster",
"applied_limit": 4,
"usage": 2
}
{
"display_name": "Max Peering Connections Per Kafka Cluster",
"id": "kafka.max_peering.per_cluster",
"applied_limit": 5
}
{
"display_name": "Max Private Links Per Kafka Cluster",
"id": "kafka.max_private_links.per_cluster",
"applied_limit": 10
}
Get the Kafka cluster ID¶
The Kafka cluster quotas require a cluster ID parameter. Open the
Cluster settings page in Confluent Cloud, or use the following ccloud
command to get your cluster ID.
confluent kafka cluster list
Your output should resemble:
Id | Name | Type | Cloud | Region | Availability | Status
+--------------+-----------+-------+----------+-------------+--------------+--------+
* lkc-xxxxxx | cluster_0 | BASIC | gcp | us-central1 | single-zone | UP
In this example, the cluster ID is lkc-xxxxxx
.
Max API keys per Kafka cluster¶
The following command requests the kafka.max_api_keys.per_cluster
quota.
Replace <api-key>
and <api-secret>
with the values you saved earlier.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_api_keys.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit,usage}'
Your output should resemble:
"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
"display_name": "Max API Keys Per Kafka Cluster",
"id": "kafka.max_api_keys.per_cluster",
"applied_limit": 20,
"usage": 10
}
Max private links per Kafka cluster¶
The following command requests the kafka.max_private_links.per_cluster
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_private_links.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'
Your output should resemble:
"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
"display_name": "Max Private Links Per Kafka Cluster",
"id": "kafka.max_private_links.per_cluster",
"applied_limit": 10
}
Max peering connections per Kafka cluster¶
The following command requests the kafka.max_peering.per_cluster
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_peering.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'
Your output should resemble:
"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
"display_name": "Max Peering Connections Per Kafka Cluster",
"id": "kafka.max_peering.per_cluster",
"applied_limit": 5
}
Max CKUs per Kafka cluster¶
The following command requests the kafka.max_ckus.per_cluster
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/kafka.max_ckus.per_cluster?scope=kafka_cluster&environment=<env-id>&kafka_cluster=<cluster-id>' \
--user '<api-key>:<api-secret>' \
| jq '.environment.kind,.environment.id,.kafka_cluster.kind,.kafka_cluster.id,{display_name,id,applied_limit}'
Your output should resemble:
"Environment"
"env-abc123"
"Cluster"
"lkc-xxxxxx"
{
"display_name": "Max CKUs Per Kafka Cluster",
"id": "kafka.max_ckus.per_cluster",
"applied_limit": 4
}
Network quotas¶
The following table shows the quotas that you can get for the Network scope. For default values, see Networks.
Quota (maximum number) | Quotas service code |
---|---|
Number of peering connections per network | networking.max_peering.per_network |
Number of private link connections per network | networking.max_private_link.per_network |
Number of transit gateway attachments per network | networking.max_transit_gateway.per_network |
The following command requests all of the quotas that apply to a network.
Also, it uses jq
to filter the JSON response and show the display name, ID,
and current value for each quota.
Note
- The response includes quotas for all networks.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas?scope=network' \
--user '<api-key>:<api-secret>' \
| jq '.data[] | .environment.kind,.environment.id,{display_name,id,applied_limit}'
Your output should resemble:
"Environment"
"env-abc123"
{
"display_name": "Max peering per network",
"id": "networking.max_peering.per_network",
"applied_limit": 25
}
"Environment"
"env-abc123"
{
"display_name": "Max private link per network",
"id": "networking.max_private_link.per_network",
"applied_limit": 10
}
"Environment"
"env-abc123"
{
"display_name": "Max transit gateway per network",
"id": "networking.max_transit_gateway.per_network",
"applied_limit": 1
}
Max peering connections per network¶
The following command requests the networking.max_peering.per_network
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/networking.max_peering.per_network?scope=network&environment=<env-id>&network=<network-id>' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max peering per network",
"applied_limit": 25,
"usage": 10
}
Max private link connections per network¶
The following command requests the networking.max_private_link.per_network
quota.
curl --request GET \
--url 'https://api.confluent.cloud/service-quota/v1/applied-quotas/networking.max_private_link.per_network?scope=network&environment=<env-id>&network=<network-id>' \
--user '<api-key>:<api-secret>' \
| jq '{display_name,applied_limit,usage}'
Your output should resemble:
{
"display_name": "Max private link per network",
"applied_limit": 10,
"usage": 5
}