Creating a PCI Compliant Apache Kafka Cluster
The PCI compliance standards relate to the security of user data and transactional information. Customers who require their application to be PCI compliant, or would like to take advantage of its additional security features, can choose to create a PCI compliant Apache Kafka Cluster. You can read more about PCI and our support for it here.
Note: Enabling PCI causes extra logging to occur, for example, to track every action taken by any user. It also activates some OS level security features. Both of these end up having an impact on the performance of the cluster. This should be insignificant in most cases; however, it is recommended you test the performance of your cluster in a non-production environment to ensure any impacts from enabling PCI are acceptable.
Table of Contents
Enable PCI Compliance - Account Security Settings
Before creating an PCI cluster, we need to enable PCI compliance on the account. Navigate to Account Settings under the Settings Cog in the top right of Console. Then select the Security tab.
Select the checkbox under PCI Compliance to make your account PCI compliant. This allows you to access the requirements for using PCI with a cluster.
Note: PCI compliance relies on multi-user access, so we require having 2 account owners in case of loss of access for one person. This satisfies the first section of the PCI requirements.
Creating a Cluster
You can continue with the Console Interface to provision a PCI compliant cluster or alternatively you can use the Instaclustr Provisioning API.
Navigate to the Create Cluster wizard and create a cluster according to your requirements but be sure to enable the PCI Compliance Mode checkbox under Enterprise features. You can refer to our support article on Creating an Apache Kafka Cluster for more information.
Currently, PCI compliance mode is only available for Apache Cassandra, Apache Kafka, OpenSearch, and Redis as the base application, and Amazon Web Services as the infrastructure provider.
Transitioning an Existing Cluster
If you are looking to transition an existing cluster to become PCI compliant, or have additional questions around our PCI compliant clusters, please contact the Instaclustr Support Team.