Private networking between Polaris and Confluent Schema Registry

Confluent Cloud Schema Registry (Confluent Schema Registry) is a managed service by Confluent for storing and managing schemas for Apache Kafka topics.

By default, the connection between Confluent Schema Registry and Imply Polaris traverses the public internet. If your network traffic cannot egress to the public internet, you can use AWS PrivateLink to establish a private connection between Confluent Schema Registry and Polaris within your AWS Confluent Cloud network. When you connect to Polaris through AWS PrivateLink, all interactions with Confluent Schema Registry happen over a private network.

This topic explains how to establish a private connection from Confluent Schema Registry to Polaris through AWS PrivateLink. For information about private networking between Polaris and Confluent Cloud, see Confluent Cloud.

The screen capture and instructions in this topic reflect the Confluent Schema Registry configurations as of November 2024. They may not represent the current state of the product.

All traffic that flows through AWS PrivateLink incurs interface endpoint expenses. For information on interface endpoint pricing, see AWS PrivateLink pricing.

Prerequisites

Before you proceed, ensure that you have the following:

  • AWS Confluent Cloud network with PrivateLink connectivity type. For more information, see Create Confluent Cloud Network on AWS in the Confluent documentation.
  • Confluent Schema Registry provisioned and enabled in your AWS Confluent Cloud network. For information on how to enable Confluent Schema Registry, see Quick Start for Schema Management on Confluent Cloud in the Confluent documentation.
  • The 12-digit AWS account ID associated with Polaris. To obtain the AWS account ID, contact Polaris support. You use the ID to register the Polaris AWS account within the Confluent Cloud network. This enables Polaris to initiate an AWS PrivateLink connection to your Confluent Cloud cluster.

Set up a private connection

To set up a private connection from Confluent Schema Registry to Polaris over AWS PrivateLink, follow these steps:

  1. In your AWS Confluent Cloud network, register the Polaris AWS account ID by creating a PrivateLink Access service. This allows Polaris to initiate an AWS PrivateLink connection. For more information, see Add a PrivateLink access in Confluent Cloud in the Confluent documentation. The following screen capture shows an AWS PrivateLink Access connection for a Confluent Cloud cluster: [Screen capture: AWS PrivateLink Access connection]
  2. Contact Polaris support to complete the setup. Polaris support requires the following information about your Confluent Cloud network to subscribe to the AWS PrivateLink endpoint service:
    • VPC endpoint service name: Name of the endpoint service to subscribe to. For example: com.amazonaws.vpce.us-east-1.vpce-svc-012345678910abcde.
    • Availability zone ID: Availability zone ID where the endpoint service is running. For example: use1-az1, use1-az2, use1-az3.
    • Endpoint URL: Confluent Schema Registry endpoint. For example: https://psrc-0abc1.us-east-1.aws.confluent.cloud.
  3. After Polaris support completes the setup, you can create a connection to use with a streaming ingestion source as described in Connect to Confluent Schema Registry.
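
Before sending the values in step 2 to Polaris support, you can check that they agree with each other. The following Python sketch is an added example, not Imply or Confluent code: the function names are hypothetical, the formats are inferred from the example values in this topic, and the AZ ID prefix derivation assumes a three-part AWS region name such as us-east-1.

```python
import re
from urllib.parse import urlparse

# Formats inferred from this topic's example values (assumption, not a vendor spec).
SERVICE_RE = re.compile(r"com\.amazonaws\.vpce\.([a-z0-9-]+)\.vpce-svc-[0-9a-f]+")
AZ_ID_RE = re.compile(r"([a-z]+\d+)-az\d+")
DIRECTIONS = {"north": "n", "south": "s", "east": "e", "west": "w", "central": "c",
              "northeast": "ne", "northwest": "nw", "southeast": "se", "southwest": "sw"}


def az_prefix(region):
    """Derive the AZ ID prefix for a three-part region name, e.g. us-east-1 -> use1."""
    parts = region.split("-")
    if len(parts) != 3 or parts[1] not in DIRECTIONS or not parts[2].isdigit():
        return None  # other region name shapes are not covered by this sketch
    return parts[0] + DIRECTIONS[parts[1]] + parts[2]


def check_handoff(account_id, service_name, az_ids, endpoint_url):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not re.fullmatch(r"\d{12}", account_id):
        problems.append("account ID is not 12 digits")
    m = SERVICE_RE.fullmatch(service_name)
    region = m.group(1) if m else None
    if region is None:
        problems.append("service name is not com.amazonaws.vpce.<region>.vpce-svc-<id>")
    prefix = az_prefix(region) if region else None
    for az in az_ids:
        az_m = AZ_ID_RE.fullmatch(az)
        if not az_m:
            # AZ names (us-east-1a) map to different zones per account; AZ IDs do not.
            problems.append(f"{az}: not an AZ ID")
        elif prefix and az_m.group(1) != prefix:
            problems.append(f"{az}: not in region {region}")
    url = urlparse(endpoint_url)
    host = url.hostname or ""
    if url.scheme != "https":
        problems.append("endpoint URL must use https")
    if not host.endswith(".confluent.cloud"):
        problems.append("endpoint host is not under confluent.cloud")
    elif region and region not in host.split("."):
        problems.append(f"endpoint host is not in region {region}")
    return problems


if __name__ == "__main__":
    # Constructed input: placeholder account ID plus the example values from step 2.
    print(check_handoff("123456789012",
                        "com.amazonaws.vpce.us-east-1.vpce-svc-012345678910abcde",
                        ["use1-az1", "use1-az2", "use1-az3"],
                        "https://psrc-0abc1.us-east-1.aws.confluent.cloud"))
```

An empty list means the account ID, service name, availability zone IDs, and endpoint URL all point at the same region and the endpoint uses HTTPS.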

Learn more

See the following topics for more information: