How OAuth JWT claims attribute is intract with Confluent Cloud Service Account

Hi Team,

How OAuth Service account gain the ACL/RBAC role to perform resource specific operation in Confluent Clount ( like Topic creation )

Objective would be - Create a devOps pipeline to securely interact with CC cluster using GCP OAuth Service Account (signed JWT token) and perform cluster creation, identity provider and identity pool and then Topic creation…

first three steps are successfully executed ( cluster creation, identity provider and identity pool ) and topic creation is getting failed due to “Authorization failed”. If I assign manually RBAC role to identity pool then it execute successfully but I need this to be perform by automated way like by scripts.

Note - no service account is created in CC side.

I think, something is missing here, so it would be really great help if you suggest me or provide some related documentation.


Hi @ajaykumar2014 ,

You can use the Confluent CLI to make the role assignment with the principal specified as User:<Identity Pool ID>. For example:

confluent iam rbac role-binding create --principal User:pool-1234 --environment env-123456 --role EnvironmentAdmin


1 Like