Authorization issue when connecting to MSK cluster


I have configured an MSK cluster and allowed public access through the SASL/SCRAM authentication method. Now I am facing an issue where I do not have the necessary permissions when using these credentials (specified in the Secrets Manager secret created with a custom key). The connecting client can perform certain operations but fails to fetch or create topics, or to publish a new message to an existing topic. I am using Confluent and C#, and here is an example of the configuration of my client.

BootstrapServers = Config.KafkaBootstrapServers,
SaslMechanism = SaslMechanism.ScramSha512,
SecurityProtocol = SecurityProtocol.SaslSsl,
SaslUsername = Config.Username, // username from secrets manager
SaslPassword = Config.Password, // password from secrets manager
ClientId = Config.Client,
Acks = Acks.All

How can I assign higher permissions? Since it is a managed Kafka service, there is no option to modify this on the broker level. And since there is no user behind these credentials, I cannot assign a specific policy to it. What are the options here?

  • Is there any answer for this from MSK? I am running into the same issue, using Confluent C# to access a public Amazon MSK cluster. I followed the tutorials to enable public access and have specified a SASL-SCRAM user via Secrets Manager.

1 Answer

The docs to configure your cluster to authenticate via IAM are available here.

You need to ensure that you deploy a policy with the kafka-cluster:CreateTopic permission to allow your clients to create a topic.

Best,
Craig

AWS
answered a year ago
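
An added example, not part of the original answer or of AWS's documentation: an IAM policy of the kind the answer describes, scoped to the three operations the question lists (fetching topics, creating topics, publishing) for clients that authenticate through IAM access control. Every value in angle brackets is a placeholder.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConnectToCluster",
      "Effect": "Allow",
      "Action": "kafka-cluster:Connect",
      "Resource": "arn:aws:kafka:<region>:<account-id>:cluster/<cluster-name>/<cluster-uuid>"
    },
    {
      "Sid": "CreateDescribeAndWriteOneTopic",
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:CreateTopic",
        "kafka-cluster:DescribeTopic",
        "kafka-cluster:WriteData"
      ],
      "Resource": "arn:aws:kafka:<region>:<account-id>:topic/<cluster-name>/<cluster-uuid>/<topic-name>"
    }
  ]
}
```

Scoping the topic resource to a single topic name rather than `*` keeps the principal from creating or writing to arbitrary topics on the cluster.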
  • Well, that is the point. I don't want to use the IAM flow but SASL/SCRAM. That is why I enabled public access. I am accessing the cluster from outside of AWS.

  • @Craig Simon Can you please post documentation with an example of how to authenticate from a public resource via SASL SCRAM?
