New in Redpanda Cloud: automation, security, and connectivity

Not every release needs to be flashy to be foundational. While buzzwords and UI updates tend to dominate product announcements, the true enablers of scale, security, and operational efficiency are often the least visible. These are the upgrades that SREs notice, platform teams depend on, and enterprise customers can’t live without. High-impact features that keep your data flowing, your deployments reproducible, and your compliance auditors happy.

From deeper Apache Iceberg™ integrations and a fully-GA Cloud API to Terraform support, this release is all about helping your teams move faster, reduce toil, and future proof your streaming workloads.

Here's the lineup for our Redpanda Cloud update:

SRE approved: Automate all the things

• Cloud API GA
• Terraform provider GA

Platform team power plays: Do more with less

• Double partition density

Enterprise-grade: Security, compliance, and integration 

• Enhanced RBAC
• BigQuery sink connector certification
• Redpanda Connect Certified on BYOVPC (GCP and AWS)

You can also check out more on What's New in Redpanda Cloud in our docs.

‍

SRE approved: Automate all the things

Cloud API generally available: no more ClickOps

We introduced the Cloud API in beta last June, and today, we're thrilled to announce its General Availability! During the Beta period, we partnered closely with early adopters who put the API through real-world use across diverse workloads. This direct feedback surfaced edge cases, performance bottlenecks, and usability improvements that helped us refine the experience. 

But we didn’t stop there. We made the API broadly available, and customers responded, issuing nearly 51 million API calls that hammered the system. Customers told us what matters to their workloads. This signal was critical—not just for improving stability, but for ensuring the API is production-ready, intuitive to use, and built to evolve without breaking existing integrations.

Let the Redpanda Cloud API give you programmatic superpowers over your streaming data while keeping things simple, scalable, and lightning-fast.

With just a few API calls, you can:

• Spin up and down clusters: Create topics, manage users, and configure ACLs
• Manage connectors: Start, stop, and configure Redpanda Connect pipelines — including a range of AI processors for Ollama, OpenAI, Vertex AI, and more — without the friction of manual setup.
• Configure data transforms: Customize single-message data transformations directly in the broker, and intelligently "shift left" for semantic validation and app-specific logic.
• Access audit logging: Quickly grab audit data for easier compliance reporting.

For teams using infrastructure-as-code (IaC), the API integrates cleanly with tools like Terraform to enable declarative, repeatable workflows. In short: no more clicking around in dashboards when a simple script will do.

To get started, you can use the Control Plane API to access clusters in your account, like so:

https://api.redpanda.com/v1/clusters

To access details for an individual cluster, you'll use the Data Plane API. For example, to get a list of users for a particular cluster:

https://api-aeb32d9b.cn20bu40d061nvem7sv0.fmc.prd.cloud.redpanda.com/v1/users

With the announcement of General Availability the Cloud Control Plane API versions v1beta1 and v1beta2, and Data Plane API versions v1alpha1 and v1alpha2 are now being marked as deprecated. These API versions will have an end-of-support date of Nov 28th, 2025 and a retirement date of May 28th, 2026. See the deprecation notice for more information.

Learn more in our Cloud API overview. Then put your cloud on autopilot by exploring the Cloud API docs and Cloud API reference.

Terraform provider generally available: end-to-end cluster lifecycle

Redpanda’s Terraform provider is now generally available, and it supports full cluster lifecycle automation for both BYOC and BYOVPC (AWS and GCP) deployments using the GA Cloud API. 

With this release, platform teams can:

• Provision or destroy Redpanda clusters as part of their Terraform pipelines
• Apply cloud-native guardrails to infrastructure changes
• Automate configuration changes, such as updating partition counts per topic 

Below is an example of deploying a new Redpanda BYOC cluster with its own resource group and network on AWS using a simple Terraform file.

terraform {
  required_providers {
    redpanda = {
      source  = "redpanda-data/redpanda"
      version = "~> 0.10.1"
    }
  }
}

# Variables to parameterize the configuration
variable "resource_group_name" {
  description = "Name of the Redpanda resource group"
  default     = "redpanda-tf-rg"
}

variable "network_name" {
  description = "Name of the Redpanda network"
  default     = "redpanda-tf-network"
}

variable "cluster_name" {
  description = "Name of the Redpanda BYOC cluster"
  default     = "redpanda-tf-cluster"
}

variable "region" {
  description = "Region for the Redpanda network and cluster"
  default     = "us-east-2"
}

variable "cloud_provider" {
  description = "Cloud provider for the Redpanda network"
  default     = "aws"
}

variable "zones" {
  description = "List of availability zones for the cluster"
  type        = list(string)
  default     = ["use2-az1", "use2-az2", "use2-az3"]
}

variable "cidr_block" {
  description = "CIDR block for the Redpanda network"
  default     = "10.0.0.0/20"
}

variable "throughput_tier" {
  description = "Throughput tier for the cluster"
  default     = "tier-1-aws-v3-arm"
}

# Create a Redpanda resource group
resource "redpanda_resource_group" "test" {
  name = var.resource_group_name
}

# Create a Redpanda network
resource "redpanda_network" "test" {
  name              = var.network_name
  resource_group_id = redpanda_resource_group.test.id
  cloud_provider    = var.cloud_provider
  region            = var.region
  cluster_type      = "byoc"  # Specify BYOC cluster type
  cidr_block        = var.cidr_block
}

# Create a Redpanda BYOC cluster
resource "redpanda_cluster" "test" {
  name              = var.cluster_name
  resource_group_id = redpanda_resource_group.test.id
  network_id        = redpanda_network.test.id
  cloud_provider    = var.cloud_provider
  region            = var.region
  cluster_type      = "byoc"
  connection_type   = "public"  # Publicly accessible cluster
  throughput_tier   = var.throughput_tier
  zones             = var.zones
  allow_deletion    = true      # Allow the cluster to be deleted
  tags = {                      # Add metadata tags
    "environment" = "dev"
  }
}

After exporting our environment variables to set credentials for authentication to the Redpanda Cloud API, you can simply run terraform plan and terraform apply.

export REDPANDA_CLIENT_ID=<Redpanda Cloud client id>
export REDPANDA_CLIENT_SECRET=<Redpanda Cloud client secret>
terraform init
terraform plan
terraform apply

Then, you can destroy your resource group, network, and Redpanda cluster using Terraform. With infrastructure as code, you can automate the entire Redpanda cluster lifecycle without relying on manual HTTP API or CLI commands. And, it works natively with Terraform Cloud.

terraform destroy

Check our docs to automate all the things. Redpanda + Terraform = ❤️🤖

‍

Platform team power plays: Do more with less

Redpanda Cloud doubles partition density: more scale, more value

At Redpanda, we’re always looking for ways to squeeze more performance and efficiency out of every byte. One of our recent engineering efforts has delivered a big win: we’ve doubled the maximum partition density per vCPU.

Historically, we defaulted to 4MB per partition, an empirically chosen safety buffer to prevent out-of-memory errors when scaling to a very high number of partitions per vCPU. But it wasn’t reflective of real usage patterns.

Instead, we analyzed actual memory usage per partition and adjusted the default value to more closely match reality. This gave us more accurate memory planning, using reserved memory for partition allocation rather than raw available memory.

This change isn’t just about theoretical limits—it’s about real-world operations. These improvements give platform teams the ability to:

• Greater partition density: Scale more workloads on fewer clusters
• Lower operational costs: Handle more consumers and producers per topic
• More efficient use of hardware: Gain flexibility in how you design application ingress/egress 

This change aligns Redpanda Cloud with modern enterprise expectations, providing teams with the headroom they need for long-term growth.

See updated Redpanda Cloud BYOC partition limits →

Enterprise-grade: Security, compliance, and integration 

Enhanced access control of Cloud resources (RBAC)

When we first launched BYOC, customers got something rare in the world of managed services: total control without losing the benefits of full platform management. With the launch of enhanced role-based access control (RBAC) in Redpanda Cloud, access management finally aligns with how real teams work at scale. This is RBAC designed not just for compliance, but for clarity, collaboration, and confidence.

Redpanda Cloud RBAC allows administrators to assign permissions to users based on their roles, streamlining access management across the organization. This system operates in two planes:

• Control plane: Manages access to organization-level resources, including clusters, resource groups, and networks. For example, administrators can grant developers access to development clusters while restricting access to production clusters.
  
  
• Data plane: Controls access to cluster-level resources, including topics and consumer groups. This granularity ensures that users have appropriate permissions within each cluster. 

Redpanda Cloud provides three predefined roles: Reader, Writer, and Admin. Each of these builds on the permissions of the previous one.

• Reader: View-only access to all resources, including networks, clusters, topics, consumer groups, schemas, and Kafka Connect. Cannot view the user list.
• Writer: Includes all Reader permissions. Can create, modify, and delete topics and consumer group offsets. Can manage Kafka Connect clusters and connectors. Cannot manage ACLs or service accounts.
• Admin: Includes all writer permissions. Can create and remove ACLs and service accounts. Has full administrative control over access and identity management.

Now you can assign permissions with surgical precision—by user, cluster, or environment. Whether you’re a solo DevOps engineer or an enterprise platform team, you can enforce clear separation of duties between development and production, while respecting geographic or regulatory boundaries.

And the best part? Policies are intuitive, inheritable, and easy to reason about. You’re not just locking things down, you’re empowering teams to move fast without breaking rules.

Learn more about RBAC in Redpanda Cloud, or explore what’s possible with Redpanda Cloud’s production-grade security controls. Access control done right and built to scale.

Redpanda Connect: BigQuery certified sink connector

Redpanda is now officially certified in the Google Cloud Ready – BigQuery program. Our Cloud-based Redpanda Connect BigQuery sink connector has been tested by Google Cloud to meet their standards for integration quality, performance, and reliability.

With this connector, you can:

• Stream Kafka-compatible topics directly into BigQuery
• Enable real-time analytics on Redpanda data using native SQL
• Eliminate brittle ETL processes between streaming and warehouse environments

Certification helps ensure predictable outcomes and tight integration with your broader GCP stack—and it’s just one more reason to run on Redpanda Cloud.

Query your data like magic with BigQuery and Redpanda Connect! 
‍

Redpanda Connect Certified for BYOVPC (GCP and AWS)

Redpanda Connect is now certified for BYOVPC clusters on Google Cloud and BYOVPC clusters on AWS. Teams can now securely use Redpanda Connect pipelines on cloud environments on VPCs that are managed externally from Redpanda..

Redpanda Connect pipelines can now natively run on new and existing BYOVPC clusters by accessing the Connect menu within Redpanda Cloud. Using RPCN with BYOVPC clusters now allows your pipelines to seamlessly connect to your BYOVPC Brokers without needing to configure additional cross-VPC networking between Redpanda Brokers and Redpanda Connect. 

Managing pipelines enables you to start and stop them seamlessly through the UI, allowing you to view your pipelines running at a glance. 

GCP support is generally available today, and AWS support is now in Beta.

Learn more by visiting Redpanda Connect BYOVPC for GCP or Redpanda Connect BYOVPC for AWS.

Running smooth and staying sane. Try it today!

Redpanda Cloud is leveling up: more automation, more partitions, more security. These are the changes that make a difference every day for the teams that build, run, and rely on modern software systems—the ones that just work, and keep working.

Grab a free trial of Redpanda BYOC and get data sovereignty and fully-managed service all rolled into one. If you can't wait to dig in, try out Redpanda Serverless to start streaming in seconds. (Psst! New Serverless sign-ups get $100 in credits to use in their first 14 days.) Let us know what you think in #serverless on the Redpanda Community Slack!