Skip to main content

Private networking between Polaris and Confluent Cloud

Imply Polaris ingests data from publicly available sources by default. For cases where network traffic cannot traverse over the public internet, either due to configuration or security requirements, Polaris offers several private connectivity options. This topic covers private networking between Polaris and a Dedicated Confluent Cloud cluster through AWS PrivateLink or Azure Private Link.

For information about private networking between Polaris and AWS and Polaris and Azure, see AWS private networking options and Azure private networking options.

AWS PrivateLink allows you to establish a secure connection between Polaris and a Dedicated Confluent Cloud cluster in your Confluent Cloud network on AWS.

Prerequisites

Before you establish a secure connection through AWS PrivateLink, ensure that you have the following:

  1. AWS Confluent Cloud network with PrivateLink connectivity type. For more information, see Create Confluent Cloud Network on AWS in the Confluent documentation.
  2. The 12-digit AWS account ID for Polaris. You must specify this value when adding a PrivateLink access to the Confluent Cloud network. For more information, see Add a PrivateLink access in Confluent Cloud in the Confluent documentation. To obtain the AWS account ID for Polaris, contact Polaris support.

General workflow

The following is the general workflow to establish a private connection from Confluent Cloud to Polaris over AWS PrivateLink:

  1. Set up a Dedicated Confluent Cloud cluster in your Confluent Cloud network on AWS. For more information, see Create Confluent Cloud Network on AWS in the Confluent documentation.
  2. Set up AWS PrivateLink to use with Confluent Cloud. For more information, see Use AWS PrivateLink with Confluent Cloud in the Confluent documentation.
  3. Provide the AWS PrivateLink endpoint service configuration information to Polaris support. Polaris must subscribe to the AWS PrivateLink endpoint service.
  4. Polaris sets up a private DNS zone for the Polaris Shared VPC, adding a DNS A record to point each Kafka broker's DNS to the dedicated AWS PrivateLink endpoint for that broker.

Polaris requirements

Polaris must subscribe to your Confluent Cloud AWS PrivateLink endpoint service to establish a private connection. Contact Polaris support with the following information from your AWS PrivateLink setup:

  • VPC endpoint service name: Name of each endpoint service to subscribe to. For example: com.amazonaws.vpce.us-east-1.vpce-svc-012345678910ec.
  • Availability zone ID: Availability zone ID where the endpoint service is running. For example: use1-az1, use1-az2, use1-az3.
  • Broker domain: Confluent Cloud DNS domain name for each Kafka broker. For example: *.k454d17.us-east-1.aws.confluent.cloud.

Azure Private Link allows you to establish a secure connection between Polaris and a Dedicated Confluent Cloud cluster in your Confluent Cloud network on Azure.

Prerequisites

Before you establish a secure connection through Azure Private Link, ensure that you have the following:

  1. Azure Confluent Cloud network with Private Link connectivity type. For more information, see Create Confluent Cloud Network on Azure in the Confluent documentation.
  2. The Azure subscription ID for Polaris. You must specify this value when adding a Private Link access to the Confluent Cloud network. For more information, see Add a Private Link access in Confluent Cloud in the Confluent documentation. To obtain the Azure subscription ID for Polaris, contact Polaris support.

General workflow

  1. Set up a Dedicated Confluent Cloud cluster in your Confluent Cloud network on Azure. For more information, see Create Confluent Cloud Network on Azure in the Confluent documentation.
  2. Set up Azure Private Link to use with Confluent Cloud. For more information, see Use Azure Private Link with Confluent Cloud in the Confluent documentation.
  3. Provide the Azure Private Link service configuration information to Polaris support. Polaris must subscribe to the Azure Private Link service.
  4. Polaris sets up a private DNS zone for the Polaris VNet, adding a DNS A record to point each Kafka broker's DNS to the dedicated Azure Private Link service for that broker.

Polaris requirements

Polaris must subscribe to your Confluent Cloud Azure Private Link service to establish a private connection. Contact Polaris support with the following information from your Azure Private Link setup:

  • Resource ID or service alias: Resource ID or service alias (preferred) for each Azure Private Link service. For example: s-d1vba-privatelink-1.123abc12-xxxx-0000-xxxx-abc123efg456.eastus.azure.privatelinkservice.
  • Availability zone ID: Availability zone ID where the service is running. Provide an availability zone for each Azure Private Link service. For example: az1, az2, az3.
  • Broker domain: Confluent Cloud DNS domain name for each Kafka broker. For example: *.gpfh1hxxx.eastus.azure.confluent.cloud.