Kafka ACL with IAM

Hi,

Apache Kafka ACLs stored in Apache ZooKeeper for a MSK Cluster have no effect on authorization for IAM roles[1]. When using IAM authentication, authorization for MSK resources(Cluster, topics, etc) is granted by IAM policies, irrespective of the ACLs configured.

Hope it helps.

[1] https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#:~:text=You%20can%20invoke%20Apache%20Kafka%20ACL%20APIs%20for%20an%20MSK%20cluster%20that%20uses%20IAM%20access%20control.%20However%2C%20Apache%20Kafka%20ACLs%20stored%20in%20Apache%20ZooKeeper%20have%20no%20effect%20on%20authorization%20for%20IAM%20roles.%20You%20must%20use%20IAM%20policies%20to%20control%20access%20for%20IAM%20roles.