2 Answers
1
As per reference[1], if the Amazon MSK cluster that you want to use with your connector is a cluster that uses IAM authentication, then you must add the following permissions policy to the connector's service execution role:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:Connect",
        "kafka-cluster:DescribeCluster"
      ],
      "Resource": [
        "cluster-arn"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:ReadData",
        "kafka-cluster:DescribeTopic"
      ],
      "Resource": [
        "ARN of the topic that you want a sink connector to read from"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:WriteData",
        "kafka-cluster:DescribeTopic"
      ],
      "Resource": [
        "ARN of the topic that you want a source connector to write to"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:CreateTopic",
        "kafka-cluster:WriteData",
        "kafka-cluster:ReadData",
        "kafka-cluster:DescribeTopic"
      ],
      "Resource": [
        "arn:aws:kafka:region:account-id:topic/cluster-name/cluster-uuid/__amazon_msk_connect_*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:AlterGroup",
        "kafka-cluster:DescribeGroup"
      ],
      "Resource": [
        "arn:aws:kafka:region:account-id:group/cluster-name/cluster-uuid/__amazon_msk_connect_*",
        "arn:aws:kafka:region:account-id:group/cluster-name/cluster-uuid/connect-*"
      ]
    }
  ]
}
```
I kindly request you to check if you have set up the IAM policy as mentioned above. If the issue still persists, then in order to dive deep into the issue, we require details that are non-public information. Please open a support case with AWS using reference[2].
[1] https://docs.aws.amazon.com/msk/latest/developerguide/msk-connect-service-execution-role.html

[2] https://console.aws.amazon.com/support/home#/case/create
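
As an added example (not part of the answer above and not AWS code), this offline check reports which of the permissions listed in that policy a given role policy document fails to allow. The function names, the `probe` resource names and the sample cluster ARN are constructed for illustration, and the matching is a simplification that looks only at `Allow` statements.

```python
import re

# From the answer's policy: (resource kind, name, actions); "probe" names are constructed.
REQUIRED = [
    ("cluster", "", ["Connect", "DescribeCluster"]),
    ("topic", "__amazon_msk_connect_probe",
     ["CreateTopic", "WriteData", "ReadData", "DescribeTopic"]),
    ("group", "__amazon_msk_connect_probe", ["AlterGroup", "DescribeGroup"]),
    ("group", "connect-probe", ["AlterGroup", "DescribeGroup"]),
]

def _as_list(value):  # IAM accepts a single string/object where a list is expected
    return value if isinstance(value, list) else [value]

def _iam_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _allowed(policy, action, resource):
    # Simplification: Allow statements only; Deny, Condition, NotAction are not evaluated.
    return any(
        s.get("Effect") == "Allow"
        and any(_iam_match(p, action, True) for p in _as_list(s.get("Action", [])))
        and any(_iam_match(p, resource) for p in _as_list(s.get("Resource", [])))
        for s in _as_list(policy.get("Statement", [])))

def missing_permissions(policy, cluster_arn, read_topics=(), write_topics=()):
    """Return the (action, resource) pairs that no Allow statement covers."""
    checks = list(REQUIRED)
    checks += [("topic", t, ["ReadData", "DescribeTopic"]) for t in read_topics]
    checks += [("topic", t, ["WriteData", "DescribeTopic"]) for t in write_topics]
    missing = []
    for kind, name, actions in checks:
        resource = cluster_arn.replace(":cluster/", f":{kind}/", 1) + (f"/{name}" if name else "")
        missing += [(f"kafka-cluster:{a}", resource) for a in actions
                    if not _allowed(policy, f"kafka-cluster:{a}", resource)]
    return list(dict.fromkeys(missing))  # de-duplicate, keep order

# Constructed sample: placeholder account, cluster name and UUID; no group statement.
CLUSTER = "arn:aws:kafka:us-east-1:111122223333:cluster/demo/00000000-0000-0000-0000-000000000000"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": [CLUSTER],
     "Action": ["kafka-cluster:Connect", "kafka-cluster:DescribeCluster"]},
    {"Effect": "Allow",
     "Resource": [CLUSTER.replace(":cluster/", ":topic/") + "/__amazon_msk_connect_*"],
     "Action": ["kafka-cluster:CreateTopic", "kafka-cluster:WriteData",
                "kafka-cluster:ReadData", "kafka-cluster:DescribeTopic"]},
]}
print(missing_permissions(POLICY, CLUSTER))
```

Pass the connector's own topic names as `read_topics` (sink) or `write_topics` (source) to include the second and third statements of the policy in the check.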
0
Thanks @AkashD, that's right, I missed that part, and all good now. Cheers
Answered 1 year ago