Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Kafka ACL with IAM

0

Does Kafka ACLs work with IAM authentication in MSK Cluster? I see that authorization is dictated by IAM policies, but what role would ACL play and which one would take precedence IAM rule or ACL rule?

Argomenti
Analisi
Tag
Streaming gestito da Amazon per Apache Kafka (Amazon MSK)
Lingua
English
rePost-User-2699624
posta un anno fa650 visualizzazioni
1 Risposta
1

Hi,

Apache Kafka ACLs stored in Apache ZooKeeper for a MSK Cluster have no effect on authorization for IAM roles[1]. When using IAM authentication, authorization for MSK resources(Cluster, topics, etc) is granted by IAM policies, irrespective of the ACLs configured.

Hope it helps.

[1] https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#:~:text=You%20can%20invoke%20Apache%20Kafka%20ACL%20APIs%20for%20an%20MSK%20cluster%20that%20uses%20IAM%20access%20control.%20However%2C%20Apache%20Kafka%20ACLs%20stored%20in%20Apache%20ZooKeeper%20have%20no%20effect%20on%20authorization%20for%20IAM%20roles.%20You%20must%20use%20IAM%20policies%20to%20control%20access%20for%20IAM%20roles.

AWS
TECNICO DI SUPPORTO
Lovetesh_C
con risposta un anno fa
AWS
ESPERTO
Fabrizio@AWS
verificato un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente