Authorization issue when connecting to MSK cluster


I have configured an MSK cluster and allowed public access through SASL/SCRAM authentication method. Now I am facing an issue where I do not have the necessary permissions when using these credentials (specified in the Secrets Manager created with a custom key). The connecting client can perform certain operations but fails to fetch or create topics, nor publish a new message to the existing topic. I am using confluent and C# and here is an example of the configuration of my client.

BootstrapServers = Config.KafkaBootstrapServers,
SaslMechanism = SaslMechanism.ScramSha512,
SecurityProtocol = SecurityProtocol.SaslSsl,
SaslUsername = Config.Username, // username from secrets manager
SaslPassword = Config.Password, // password from secrets manager
ClientId = Config.Client,
Acks = Acks.All

How can I assign higher permissions? Since it is a managed Kafka service, there is no option to modify this on the broker level. And since there is no user behind these credentials, I cannot assign a specific policy to it. What are the options here?

  • Is there any answer for this from MSK? I am running into the same issue, using Confluent C# to access a public Amazon MSK cluster. I followed the tutorials to enable public access and have specified a SASL-SCRAM user via Secrets Manager.

1 Antwort

The docs to configure your cluster to authenticate via IAM are available here.

You need to ensure that you deploy a policy with the kafka-cluster:CreateTopic permission to allow your clients to create a topic.

Best Craig

profile pictureAWS
beantwortet vor einem Jahr
  • Well that is the point. I don't want to use IAM flow but SASL/SCRAM. That is why I enabled the public access. I am accessing the cluster from outside of the AWS

  • @Craig Simon Can you please post documentation with an example of how to authenticate from a public resource via SASL SCRAM?

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen