Authorization issue when connecting to MSK cluster


I have configured an MSK cluster and allowed public access through the SASL/SCRAM authentication method. Now I am facing an issue where I do not have the necessary permissions when using these credentials (specified in the Secrets Manager created with a custom key). The connecting client can perform certain operations but fails to fetch or create topics, or to publish a new message to the existing topic. I am using Confluent and C#, and here is an example of the configuration of my client.

using Confluent.Kafka;
// ProducerConfig is assumed here because Acks is a producer setting.
var config = new ProducerConfig
{
    BootstrapServers = Config.KafkaBootstrapServers,
    SaslMechanism = SaslMechanism.ScramSha512,
    SecurityProtocol = SecurityProtocol.SaslSsl,
    SaslUsername = Config.Username, // username from Secrets Manager
    SaslPassword = Config.Password, // password from Secrets Manager
    ClientId = Config.Client,
    Acks = Acks.All
};

How can I assign higher permissions? Since it is a managed Kafka service, there is no option to modify this on the broker level. And since there is no user behind these credentials, I cannot assign a specific policy to it. What are the options here?

  • Is there any answer for this from MSK? I am running into the same issue, using Confluent C# to access a public Amazon MSK cluster. I followed the tutorials to enable public access and have specified a SASL-SCRAM user via Secrets Manager.

1 Answer

The docs to configure your cluster to authenticate via IAM are available here.

You need to ensure that you deploy a policy with the kafka-cluster:CreateTopic permission to allow your clients to create a topic.

Best, Craig

AWS
answered a year ago
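An added example, not part of the answer above or of AWS's own documentation: an identity-based IAM policy of the kind the answer describes, granting `kafka-cluster:CreateTopic` alongside the connect, describe and write actions that the operations in the question need. The `Sid` names and every angle-bracket value are placeholders, and a policy like this is evaluated only for clients that authenticate with IAM access control.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConnectToCluster",
      "Effect": "Allow",
      "Action": "kafka-cluster:Connect",
      "Resource": "arn:aws:kafka:<REGION>:<ACCOUNT_ID>:cluster/<CLUSTER_NAME>/<CLUSTER_UUID>"
    },
    {
      "Sid": "CreateDescribeAndWriteTopic",
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:CreateTopic",
        "kafka-cluster:DescribeTopic",
        "kafka-cluster:WriteData"
      ],
      "Resource": "arn:aws:kafka:<REGION>:<ACCOUNT_ID>:topic/<CLUSTER_NAME>/<CLUSTER_UUID>/<TOPIC_NAME>"
    }
  ]
}
```

Scoping the second statement to a single topic ARN rather than `*` keeps the client from creating or writing to topics it does not own.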
  • Well, that is the point. I don't want to use the IAM flow but SASL/SCRAM. That is why I enabled public access. I am accessing the cluster from outside of AWS.

  • @Craig Simon Can you please post documentation with an example of how to authenticate from a public resource via SASL SCRAM?
