This guide was written for MSK Serverless, but it applies to MSK in general as well.
Authentication options for Kafbat-UI:
KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL=SASL_SSL
KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM=AWS_MSK_IAM
KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG='software.amazon.msk.auth.iam.IAMLoginModule required;'
KAFKA_CLUSTERS_0_PROPERTIES_SASL_CLIENT_CALLBACK_HANDLER_CLASS='software.amazon.msk.auth.iam.IAMClientCallbackHandler'
environment: [
  {
    name: "KAFKA_CLUSTERS_0_NAME",
    value: config.mskClusterName
  },
  {
    name: "KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS",
    value: config.mskBootstrapServers
  },
  {
    name: "KAFKA_CLUSTERS_0_DISABLELOGDIRSCOLLECTION",
    value: "true"
  },
  {
    name: "KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL",
    value: "SASL_SSL"
  },
  {
    name: "KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM",
    value: "AWS_MSK_IAM"
  },
  {
    name: "KAFKA_CLUSTERS_0_PROPERTIES_SASL_CLIENT_CALLBACK_HANDLER_CLASS",
    value: "software.amazon.msk.auth.iam.IAMClientCallbackHandler"
  },
  {
    name: "KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG",
    // awsDebugCreds=true makes the client log the IAM identity it authenticates as
    // (at DEBUG log level); drop it once the connection works.
    value: "software.amazon.msk.auth.iam.IAMLoginModule required awsDebugCreds=true;"
  },
],
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:Connect",
        "kafka-cluster:DescribeCluster",
        "kafka-cluster:AlterCluster",
        "kafka-cluster:AlterClusterDynamicConfiguration",
        "kafka-cluster:DescribeClusterDynamicConfiguration"
      ],
      "Resource": "arn:aws:kafka:eu-central-1:297478128798:cluster/test-wizard/7b39802a-21ac-48fe-b6e8-a7baf2ae2533-s2"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:ReadData",
        "kafka-cluster:WriteData",
        "kafka-cluster:DescribeTopicDynamicConfiguration",
        "kafka-cluster:AlterTopicDynamicConfiguration",
        "kafka-cluster:AlterTopic",
        "kafka-cluster:CreateTopic",
        "kafka-cluster:DescribeTopic",
        "kafka-cluster:DeleteTopic"
      ],
      "Resource": "arn:aws:kafka:eu-central-1:297478128798:topic/test-wizard/7b39802a-21ac-48fe-b6e8-a7baf2ae2533-s2/*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "kafka-cluster:DeleteGroup",
        "kafka-cluster:DescribeGroup",
        "kafka-cluster:AlterGroup"
      ],
      "Resource": "arn:aws:kafka:eu-central-1:297478128798:group/test-wizard/7b39802a-21ac-48fe-b6e8-a7baf2ae2533-s2/*"
    }
  ]
}
Attaching the policy to a user
Attaching the role to the EC2 instance