Kafka ACL with IAM

0

Do Kafka ACLs work with IAM authentication in an MSK cluster? I see that authorization is dictated by IAM policies, but what role would ACLs play, and which one would take precedence: the IAM rule or the ACL rule?

asked a year ago
635 views
1 Answer
1

Hi,

Apache Kafka ACLs stored in Apache ZooKeeper for an MSK cluster have no effect on authorization for IAM roles [1]. When using IAM authentication, authorization for MSK resources (cluster, topics, etc.) is granted by IAM policies, irrespective of the ACLs configured.

Hope it helps.

[1] https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#:~:text=You%20can%20invoke%20Apache%20Kafka%20ACL%20APIs%20for%20an%20MSK%20cluster%20that%20uses%20IAM%20access%20control.%20However%2C%20Apache%20Kafka%20ACLs%20stored%20in%20Apache%20ZooKeeper%20have%20no%20effect%20on%20authorization%20for%20IAM%20roles.%20You%20must%20use%20IAM%20policies%20to%20control%20access%20for%20IAM%20roles.

AWS
SUPPORT ENGINEER
answered a year ago
AWS
EXPERT
reviewed a year ago
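
Because IAM roles are authorized only by IAM policies, existing ACL grants have to be restated as policy statements. The following is an added example (not part of the original answer and not AWS code) that translates a few Kafka ACL entries into an MSK IAM policy; action names and ARN layouts follow the MSK IAM access control documentation cited in [1]. The mapping covers only a subset of ALLOW entries, and the cluster name, UUID placeholder, region, account ID and sample ACLs are constructed.

```python
import json

# Kafka ACL (resource type, operation) -> kafka-cluster IAM actions, including
# the actions each one depends on. Subset of ALLOW entries only.
ACL_TO_IAM = {
    ("TOPIC", "DESCRIBE"): ["kafka-cluster:DescribeTopic"],
    ("TOPIC", "READ"): ["kafka-cluster:DescribeTopic", "kafka-cluster:ReadData"],
    ("TOPIC", "WRITE"): ["kafka-cluster:DescribeTopic", "kafka-cluster:WriteData"],
    ("GROUP", "DESCRIBE"): ["kafka-cluster:DescribeGroup"],
    ("GROUP", "READ"): ["kafka-cluster:DescribeGroup", "kafka-cluster:AlterGroup"],
}

def resource_arn(kind, cluster_path, region, account, name=None):
    """cluster_path is '<cluster-name>/<cluster-uuid>'."""
    tail = "" if name is None else f"/{name}"
    return f"arn:aws:kafka:{region}:{account}:{kind}/{cluster_path}{tail}"

def acls_to_policy(acls, cluster_path, region, account):
    """acls: iterable of (resource_type, name, pattern_type, operation)."""
    # Every client needs Connect on the cluster itself.
    grants = {resource_arn("cluster", cluster_path, region, account): {"kafka-cluster:Connect"}}
    for rtype, name, pattern, op in acls:
        actions = ACL_TO_IAM.get((rtype.upper(), op.upper()))
        if actions is None:
            raise ValueError(f"no IAM mapping for {rtype} {op}; review by hand")
        # A PREFIXED ACL becomes a trailing wildcard in the resource ARN.
        if pattern.upper() == "PREFIXED":
            name += "*"
        arn = resource_arn(rtype.lower(), cluster_path, region, account, name)
        grants.setdefault(arn, set()).update(actions)
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": sorted(acts), "Resource": arn}
                      for arn, acts in sorted(grants.items())],
    }

# Constructed sample: ACLs a consumer principal might hold today.
SAMPLE_ACLS = [
    ("TOPIC", "orders", "LITERAL", "READ"),
    ("GROUP", "orders-consumers", "LITERAL", "READ"),
    ("TOPIC", "audit.", "PREFIXED", "DESCRIBE"),
]

if __name__ == "__main__":
    policy = acls_to_policy(SAMPLE_ACLS, "demo-cluster/CLUSTER-UUID-PLACEHOLDER",
                            "us-east-1", "111122223333")
    print(json.dumps(policy, indent=2))
```

The generated document is attached to the IAM role the client authenticates as; entries the table does not cover raise an error so they get reviewed by hand rather than silently dropped.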
