Use PrivateLink / VPC endpoints to connect to serverless MSK?


I'm looking to connect a service that will send messages to a Kafka, MSK serverless cluster. The service itself is in another account and in a different region from the MSK cluster.

I followed this guide to set up a Route 53 private zone for route resolving, but I'm a bit stumped on how to set up PrivateLink.

It's mentioned as an option, but not described anywhere specifically for MSK (I see a lot of documentation for API Gateway though). First of all, is it possible to set up PrivateLink for serverless MSK, or use the auto-generated VPCE to connect our producer service? If so, could I get some pointers?

And if not, what other options do I have? I know of VPC peering and Transit Gateway, but I'm looking for options that will make it less difficult for the producer service team.

Thank you.

1 Answer

To achieve what you want, you'll need to utilize Multi-VPC private connectivity.

ℹ️ Multi-VPC private connectivity offers a managed solution that streamlines networking infrastructure for multi-VPC and cross-account connectivity. It allows clients to securely connect to Amazon MSK clusters via PrivateLink, ensuring that all traffic remains within the AWS network. This feature is available in all AWS Regions where Amazon MSK is offered.

💡 For further details, refer to the Amazon MSK multi-VPC private connectivity documentation.

answered a month ago
  • I think the link you provided may be for private connectivity in the same region. For me, my case is in different accounts in different regions. Will it still work?
