Service accounts for topic-owning institutions may be granted the ability to destroy and recreate their own topic(s) with the individual topic-scoped permissions CREATE and DELETE. This should be restricted to the staging cluster, in order to prevent service interruption on the production cluster.
It would be nice to implement this using Terraform, but it is not necessary.
The topic admins should be encouraged to notify downstream consumers that the stage instance of the topic will be interrupted and reset. This is assumed with the staging cluster, but advance warning is helpful too.
More info on ACLs: https://docs.confluent.io/cloud/current/access-management/access-control/acl.html
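A sketch of how the grant could look in Terraform, added here as an example and not taken from this ticket or any existing configuration. It assumes the Confluent Terraform provider's `confluent_kafka_acl` resource; the variable names, the service account ID and the topic name are placeholders.

```hcl
# Added example: every ID and name below is a placeholder.
terraform {
  required_providers {
    confluent = { source = "confluentinc/confluent" }
  }
}

# Connection details for the STAGING cluster only; no production cluster is referenced.
variable "staging" {
  type      = object({ cluster_id = string, rest_endpoint = string, api_key = string, api_secret = string })
  sensitive = true
}

# Service account ID -> topics that institution owns (constructed sample value).
variable "topic_owners" {
  type    = map(list(string))
  default = { "sa-EXAMPLE1" = ["institution-a.example-topic"] }
}

locals {
  # One binding per (owner, topic, operation); only CREATE and DELETE are granted.
  bindings = {
    for b in flatten([
      for sa, topics in var.topic_owners : [
        for pair in setproduct(topics, ["CREATE", "DELETE"]) :
        { sa = sa, topic = pair[0], op = pair[1] }
      ]
    ]) : "${b.sa}/${b.topic}/${b.op}" => b
  }
}

resource "confluent_kafka_acl" "topic_reset" {
  for_each = local.bindings
  kafka_cluster { id = var.staging.cluster_id }
  rest_endpoint = var.staging.rest_endpoint
  resource_type = "TOPIC"
  resource_name = each.value.topic
  pattern_type  = "LITERAL" # exact topic name, so the grant cannot match other topics
  principal     = "User:${each.value.sa}"
  host          = "*"
  operation     = each.value.op
  permission    = "ALLOW"
  credentials {
    key    = var.staging.api_key
    secret = var.staging.api_secret
  }
}
```

Because the ACLs are declared only against the staging cluster ID, `terraform plan` shows no bindings for production, which makes the restriction reviewable in a pull request.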