Access Transparency on Confluent Cloud¶
Note
Limited Availability
Access Transparency is in Limited Availability to Confluent customers as a fully supported feature and recommended for production use. To get access, contact Confluent Support.
Access Transparency is a Confluent Cloud feature that provides visibility into when your Dedicated Kafka clusters were accessed by Confluent personnel and why. This feature helps you maintain compliance with regulatory requirements and demonstrate proper governance controls.
Access Transparency provides the following capabilities:
- Real-time visibility into when Confluent personnel access your Dedicated Kafka clusters
- Comprehensive audit trails with detailed access information
- Regulatory compliance support for transparency requirements
- Integration with your existing SIEM and log management systems
Overview¶
Access Transparency provides near real-time visibility into when Confluent personnel access your Dedicated Kafka clusters, including:
- What activity was performed
- When the access occurred
- Why the access was necessary
- Where the access originated from (country/location)
This transparency helps you maintain compliance with various regulatory requirements and provides assurance that your data is being accessed only for legitimate operational purposes.
Requirements¶
To use Access Transparency, you must meet the following requirements:
- Premier support plan: You must be subscribed to the Premier support plan.
- Audit Logs enabled: You must be actively consuming Confluent Cloud audit logs (enabled by default).
- Explicit enablement: Access transparency logs are disabled by default and must be explicitly enabled.
- Support request: Request Access Transparency logging from Confluent Support.
- Dedicated Kafka clusters only: Available only on Dedicated Kafka clusters.
- Supported cloud service providers: Available on AWS, Azure, and Google Cloud.
Enable Access Transparency logging¶
To enable Access Transparency logging:
- Contact your account executive (AE) or Confluent Support.
- Request Access Transparency logs to be enabled in your organization.
- Ensure you have the Premier support plan.
Log fields¶
Access transparency logs include the following fields:
| Field | Description |
|---|---|
| Event ID | A unique number to identify each event |
| Timestamp | When the action happened |
| Employee job family | The job role of the Confluent employee |
| Location | Where the action was done (country) |
| Result | The outcome of the action |
Event type¶
Access transparency logs are generated with the event type:
io.confluent.cloud/access-transparency
Event method¶
The following event method is used for Access Transparency:
| Method name | Description |
|---|---|
confluent.privileged.access |
Generated when Confluent personnel access your Dedicated Kafka cluster for support, maintenance, or other operational purposes. |
Note
There are no failure logs for Access Transparency events. Only successful access events are logged.
For details about the Access Transparency event methods, see Access Transparency Auditable Event Methods.
Consume Access Transparency logs¶
To consume Access Transparency logs:
- Ensure you have the Premier support plan.
- Contact Confluent Support to enable Access Transparency logs.
- Use the same audit log consumption methods you use for regular audit logs.
- Filter for events with type
io.confluent.cloud/access-transparency.
For detailed information about the event structure and examples, see Access Transparency Auditable Event Methods.
Use cases¶
Access Transparency is particularly valuable for:
- Compliance Requirements: Meeting regulatory requirements that mandate transparency into data access, including DORA, FCA/PRA, BaFin, APRA, and other financial services regulations.
- Security Auditing: Maintaining detailed audit trails of all access to your infrastructure for security monitoring and incident response.
- Trust and Transparency: Building trust with customers by providing visibility into operational access and demonstrating proper governance controls.
- Incident Investigation: Understanding what actions were taken during support incidents to facilitate root cause analysis and resolution.