confluent_peering provides a Peering resource that enables creating, editing, and deleting Peerings on Confluent Cloud.

resource "confluent_environment" "development" {
  display_name = "Development"
}

resource "confluent_network" "aws-peering" {
  display_name     = "AWS Peering Network"
  cloud            = "AWS"
  region           = "us-east-2"
  cidr             = "10.10.0.0/16"
  connection_types = ["PEERING"]
  environment {
    id = confluent_environment.development.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_peering" "aws" {
  display_name = "AWS Peering"
  aws {
    account         = "012345678901"
    vpc             = "vpc-abcdef0123456789a"
    routes          = ["172.31.0.0/16"]
    customer_region = "us-east-2"
  }
  environment {
    id = confluent_environment.development.id
  }
  network {
    id = confluent_network.aws-peering.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_environment" "development" {
  display_name = "Development"
}

resource "confluent_network" "azure-peering" {
  display_name     = "Azure Peering Network"
  cloud            = "AZURE"
  region           = "centralus"
  cidr             = "10.10.0.0/16"
  connection_types = ["PEERING"]
  environment {
    id = confluent_environment.development.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_peering" "azure" {
  display_name = "Azure Peering"
  azure {
    tenant          = "1111tttt-1111-1111-1111-111111tttttt"
    vnet            = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/my-vnet"
    customer_region = "centralus"
  }
  environment {
    id = confluent_environment.development.id
  }
  network {
    id = confluent_network.azure-peering.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_environment" "development" {
  display_name = "Development"

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_network" "gcp-peering" {
  display_name     = "GCP Peering Network"
  cloud            = "GCP"
  region           = "us-west4"
  cidr             = "10.10.0.0/16"
  connection_types = ["PEERING"]
  environment {
    id = confluent_environment.development.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "confluent_peering" "gcp" {
  display_name = "GCP Peering"
  gcp {
    project         = "temp-gear-123456"
    vpc_network     = "customer-test-vpc-network"
    customer_region = "us-west4"
  }
  environment {
    id = confluent_environment.development.id
  }
  network {
    id = confluent_network.gcp-peering.id
  }

  lifecycle {
    prevent_destroy = true
  }
}

The following arguments are supported:

display_name - (Optional String) The name of the Peering.
environment - (Required Configuration Block) supports the following:
    id - (Required String) The ID of the Environment that the Peering belongs to, for example, env-abc123.
network - (Required Configuration Block) supports the following:
    id - (Required String) The ID of the Network that the Peering belongs to, for example, n-abc123.
aws - (Optional Configuration Block) The AWS-specific Peering details if available. It supports the following:
    account - (Required String) The AWS Account ID of the peer VPC owner. You can find your AWS Account ID under the My Account section of the AWS Management Console. Must be a 12-character string.
    vpc - (Required String) The AWS VPC ID of the peer VPC that you're peering with Confluent Cloud. You can find your AWS VPC ID under the Your VPCs section of the AWS Management Console. Must start with vpc-.
    routes - (Required String) The AWS VPC CIDR blocks or subsets. This must be from the supported CIDR blocks and must not overlap with your Confluent Cloud CIDR block or any other network peering connection VPC CIDR (learn more about the requirements here). You can find the AWS VPC CIDR under the Your VPCs -> Target VPC -> Details section of the AWS Management Console.
    customer_region - (Required String) The region of the AWS peer VPC.
azure - (Optional Configuration Block) The Azure-specific Peering details if available. It supports the following:
    tenant - (Required String) The Tenant ID that represents an organization in Azure Active Directory. You can find your Azure Tenant ID in the Azure Portal under Azure Active Directory. Must be a valid 32 character UUID string.
    vnet - (Required String) The resource (composite) ID of the peer Virtual Network that you're peering with Confluent Cloud, in the format /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.Network/virtualNetworks/<VNet name>. You can find the Subscription ID, Resource Group Name and your VNet name under the Virtual Networks -> Target VNet -> Essentials section of your Microsoft Azure Portal.
    customer_region - (Required String) The region of the Azure peer VNet.
gcp - (Optional Configuration Block) The GCP-specific Peering details if available. It supports the following:
    project - (Required String) The GCP Project ID. You can find your Google Cloud Project ID under the Project ID section of your Google Cloud Console dashboard.
    vpc_network - (Required String) The VPC network name that you're peering to Confluent Cloud. You can find your VPC network name under the VPC Networks section of your Google Cloud Console.
    import_custom_routes - (Optional Boolean) The Import Custom Routes option enables connectivity to a Confluent Cloud cluster in Google Cloud from customer premises or other clouds, such as AWS and Azure, through a customer VPC that is peered with Confluent Cloud in the same region. Defaults to false. Learn more about considerations / limitations of the Import Custom Routes option here.

In addition to the preceding arguments, the following attributes are exported:

id - (Required String) The ID of the Peering, for example, peer-abc123.

You can import a Peering by using Environment ID and Peering ID, in the format <Environment ID>/<Peering ID>. The following example shows how to import a Peering:
$ export CONFLUENT_CLOUD_API_KEY="<cloud_api_key>"
$ export CONFLUENT_CLOUD_API_SECRET="<cloud_api_secret>"
$ terraform import confluent_peering.my_peer env-abc123/peer-abc123
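
The constraints the argument reference places on the aws block (12-character account, vpc- prefix, routes that do not overlap the Confluent Cloud CIDR or another peering's CIDR) can be checked before terraform apply. The following Python pre-flight check is an added example, not part of the provider or its documentation; check_aws_peering and other_peering_cidrs are hypothetical names, the sample values are copied from the AWS example above, and the assumption that the account consists of digits comes from the AWS account ID format.

```python
import ipaddress
import re

# Constructed sample input mirroring the page's AWS example (not real state).
NETWORK_CIDR = "10.10.0.0/16"  # cidr of the confluent_network being peered
AWS_BLOCK = {
    "account": "012345678901",
    "vpc": "vpc-abcdef0123456789a",
    "routes": ["172.31.0.0/16"],
    "customer_region": "us-east-2",
}


def check_aws_peering(aws, network_cidr, other_peering_cidrs=()):
    """Return a list of violations of the documented aws block constraints.

    other_peering_cidrs (hypothetical parameter): CIDRs already used by other
    peering connections on the same network. The list of "supported CIDR
    blocks" is not given on the page, so it is not checked here.
    """
    errors = []
    if not re.fullmatch(r"[0-9]{12}", aws.get("account", "")):
        errors.append("account: must be a 12 character string of digits")
    if not aws.get("vpc", "").startswith("vpc-"):
        errors.append("vpc: must start with vpc-")
    if not aws.get("customer_region"):
        errors.append("customer_region: required")
    if not aws.get("routes"):
        errors.append("routes: required")

    reserved = [("Confluent Cloud network", ipaddress.ip_network(network_cidr))]
    reserved += [("existing peering", ipaddress.ip_network(c))
                 for c in other_peering_cidrs]
    for raw in aws.get("routes", []):
        try:
            # strict=True rejects entries with host bits set, e.g. 172.31.1.0/16
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            errors.append(f"routes: {raw!r} is not a valid CIDR ({exc})")
            continue
        for label, taken in reserved:
            # overlaps() raises TypeError across IP versions, so compare first
            if net.version == taken.version and net.overlaps(taken):
                errors.append(f"routes: {raw} overlaps {label} {taken}")
    return errors


if __name__ == "__main__":
    for problem in check_aws_peering(AWS_BLOCK, NETWORK_CIDR) or ["ok"]:
        print(problem)
```
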

The following end-to-end examples might help to get started with confluent_peering resource:

dedicated-vnet-peering-azure-kafka-acls: _Dedicated_ Kafka cluster on Azure that is accessible via VPC Peering connections with authorization using ACLs
dedicated-vnet-peering-azure-kafka-rbac: _Dedicated_ Kafka cluster on Azure that is accessible via VPC Peering connections with authorization using RBAC
dedicated-vpc-peering-aws-kafka-acls: _Dedicated_ Kafka cluster on AWS that is accessible via VPC Peering connections with authorization using ACLs
dedicated-vpc-peering-aws-kafka-rbac: _Dedicated_ Kafka cluster on AWS that is accessible via VPC Peering connections with authorization using RBAC
dedicated-vpc-peering-gcp-kafka-acls: _Dedicated_ Kafka cluster on GCP that is accessible via VPC Peering connections with authorization using ACLs
dedicated-vpc-peering-gcp-kafka-rbac: _Dedicated_ Kafka cluster on GCP that is accessible via VPC Peering connections with authorization using RBAC
dedicated-transit-gateway-attachment-aws-kafka-acls: _Dedicated_ Kafka cluster on AWS that is accessible via Transit Gateway Endpoint with authorization using ACLs
dedicated-transit-gateway-attachment-aws-kafka-rbac: _Dedicated_ Kafka cluster on AWS that is accessible via Transit Gateway Endpoint with authorization using RBAC
enterprise-privatelinkattachment-aws-kafka-acls: _Enterprise_ Kafka cluster on AWS that is accessible via PrivateLink connections with authorization using ACLs