
Connect to Apache Kafka from a different machine or network

IMPORTANT: We strongly discourage opening ports to allow inbound connections to the server from a different network. Making the application’s network ports public is a significant security risk. The recommended way for connecting two instances deployed in different networks is by using VPC network peering. If you must make it accessible over a public IP address, we recommend restricting access to a trusted list of source IP addresses and ports using firewall rules. To do so, follow the instructions below.

Connect from the same network

To connect to the Kafka cluster from the same network where it is running, use a Kafka client and access port 9092. You can find an example using the built-in Kafka client on the Kafka producer and consumer page.

NOTE: Remember that you can find the required configuration parameters in the /opt/bitnami/kafka/config/kafka_jaas.conf file. You may also need some parameters from /opt/bitnami/kafka/config/producer.properties in order to produce messages and from /opt/bitnami/kafka/config/consumer.properties in order to consume them.

Connect from a different network

If you must connect to the Apache Kafka cluster from a machine that is not running in the same network as the cluster, you can follow one of these approaches (shown in order of preference, from the most secure to the least recommended solution):

  • Option 1: Peer both virtual networks to secure the connections between the two instances. Learn how to connect instances in different networks using network peering.

  • Option 2: Create an SSH tunnel to connect to the Apache Kafka console and perform administrative tasks using the primary host’s public IP address. Refer to the FAQ for more information on this.

    NOTE: You should only access the primary server using an SSH tunnel if you wish to temporarily connect to, or use, the Apache Kafka console. This approach is not recommended to permanently connect your application to the Apache Kafka cluster, as a connectivity failure in the SSH tunnel would affect your application’s functionality.

  • Option 3: Make the server publicly accessible and restrict access to a trusted list of source IP addresses using firewall rules. Refer to the FAQ for information on opening ports in the server firewall.
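An added example, not part of the original Bitnami page: a check for Option 3 that reads firewall rules and reports any enabled ingress rule that lets a source outside the trusted list reach port 9092. It assumes rules in the JSON shape of Compute Engine firewall resources (name, direction, disabled, sourceRanges, allowed); the rule names, the trusted list and the IPv4 ranges are constructed sample values.

```python
import ipaddress
import json

KAFKA_PORT = 9092  # client port named on this page
# Constructed sample: the trusted client networks (documentation address ranges).
TRUSTED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
# Constructed sample rules, shaped like Compute Engine firewall resources.
SAMPLE_RULES = json.loads("""[
 {"name": "kafka-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["9092"]}]},
 {"name": "kafka-partners", "direction": "INGRESS",
  "sourceRanges": ["203.0.113.0/25", "192.0.2.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["9000-9100"]}]},
 {"name": "kafka-office", "direction": "INGRESS", "sourceRanges": ["198.51.100.7/32"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["9092"]}]},
 {"name": "ssh-admin", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "kafka-old", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]}
]""")

def covers_port(entry, port):
    """True if one 'allowed' entry admits TCP traffic to the given port."""
    if entry.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = entry.get("ports")  # absent means every port of that protocol
    if not ports:
        return True
    bounds = (spec.partition("-") for spec in ports)  # "9092" or "9000-9100"
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)

def untrusted_sources(rule, port=KAFKA_PORT, trusted=TRUSTED):
    """Source ranges of an enabled ingress rule that reach the port from outside the trusted list."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return []
    if not any(covers_port(e, port) for e in rule.get("allowed", [])):
        return []
    return [src for src in rule.get("sourceRanges", [])
            if not any(ipaddress.ip_network(src).subnet_of(t) for t in trusted)]

def audit(rules):
    """Map rule name -> offending source ranges, for rules that over-expose the port."""
    findings = {r["name"]: untrusted_sources(r) for r in rules}
    return {name: srcs for name, srcs in findings.items() if srcs}

if __name__ == "__main__":
    for name, srcs in audit(SAMPLE_RULES).items():
        print(f"{name}: port {KAFKA_PORT} reachable from {', '.join(srcs)}")
```

The port-range rule kafka-partners is flagged only for the source range that falls outside the trusted list, which is the case a plain search for "9092" in the rule set would miss.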

Last modification May 22, 2023