By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

MSK Cluster connection failed with SASL authentication error for internal Kafka Users

0

Hi,

I have an MSK cluster with SASL/SCRAM enabled and created appropriate Super User for cluster with Secret to manage further users in cluster. If I create new users for example with Sarama client using this superuser as admin client, they appear in zookeeper config and kafka-configs, but connection for such users is failed with - Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512.

Can such internal Kafka users have access to MSK cluster with some additional configuration or every further user in MSK with SASL/SCRAM should have separate "Amazon_MSK_" prefixed secret and managed via KMS?

Topics
Security, Identity, & ComplianceAnalytics
Tags
AWS Identity and Access ManagementAmazon Managed Streaming for Apache Kafka (Amazon MSK)
Language
English
FilatovM
asked 14 days ago94 views
1 Answer
0

MSK supports SASL SCRAM with the users defined in AWS Secrets Manager ONLY. Please follow the documentation on how to create and associate a user with MSK. After that, use Kafka ACLs to manage permissions for that users.

profile pictureAWS
EdbE
answered 10 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content