Configuring a PrivateLink Cluster
- AWS login
- Permissions to create VPCs
- Permissions to create EC2 instances
- Permission to create VPC endpoints
- Permission to create Route 53 records and hosted zones
- Confluent Cloud login
- Confluent Cloud CLI
Create a Confluent Cloud Private Link network.
- Log in to Confluent Cloud, and navigate to the Cloud-Networking Environment.
- Click Network Management -> Create your first network.
- Select AWS, and the cloud provider region where you created your VPC (us-east-2 in this example).
- Select PrivateLink, and leave the Zone Placement as is, and give the network a name.
- The network provisioning will take a few minutes to complete.
- Once the network is ready, click on its tile to manage it.
- Create a PrivateLink Access.
- Complete the details, using the account information for the VPC that you created earlier, and save the VPC Service Endpoint ID for future use.
- Once the PrivateLink Access is provisioned, in the AWS console, configure the endpoint.
- Edit the security group to add three inbound rules from the VPC CIDR on TCP ports 80, 443, and 9092.
Configure DNS to resolve the PrivateLink endpoints.
- Create a Route53 Hosted Zone, using the “DNS Domain” value from the Confluent Cloud Network Management UI.
- Create the record for all Zones endpoint; you can get the endpoint DNS names from the AWS console under the endpoint created earlier.
- Now create records for each Zonal endpoint. This can be tricky/confusing, so take your time and make sure you have the canonical and aliased AZ ID’s somewhere handy. You can get this information from the Subnets tab of the Endpoint screen in the AWS console.
Provision a cluster and validate connectivity from your EC2 instance to Confluent Cloud.
- Provision a multi-zone Confluent Cloud cluster.
- While the cluster is provisioning, install the confluent CLI on your EC2 instance. You may have to configure an Elastic IP for the instance so you can access it from your workstation.
- Test connectivity and DNS setup by issuing an NSLOOKUP and openssl commands.
Next, get some data in your cluster by creating a topic and a connector. You can only do this via the CLI on your EC2 instance unless you have a way to VPN into your VPC containing the PrivateLink endpoint.
- First, set the environment and cluster, create a topic and API key.
- Next, create the JSON file for the connector, an example JSON can be found here.
- Now, create the connector using the JSON file you created as input. You can also check the status of the connector provisioning.
- Next, test consumption from your cluster using the CLI.
Congratulations! You’ve successfully consumed data over the PrivateLink connection!
- First, delete the connector.
- Next, delete the topic and API key.
- From the UI, delete the cluster.
- Delete the PrivateLink access.
After the PrivateLink access is done deprovisioning, delete the network.
Next, delete the resources created in the AWS console, starting with the DNS entries and hosted zone.
- Next, release any Elastic IPs you created, and terminate the EC2 instance as well.
- Finally, delete the PrivateLink endpoints and the VPC itself.