zoe
IAM support for Amazon Managed Streaming for Kafka (MSK)
Amazon Managed Streaming for Kafka (MSK) supports a new Simple Authentication and Security Layer (SASL) mechanism called AWS_MSK_IAM: https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html
To enable support, we simply need to add the related IAM authentication library as a dependency. This should allow configuring Kafka properties to bind the related SASL client implementation:
# Sets up TLS for encryption and SASL for authN.
security.protocol = SASL_SSL
# Identifies the SASL mechanism to use.
sasl.mechanism = AWS_MSK_IAM
# Binds SASL client implementation.
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;
# Encapsulates constructing a SigV4 signature based on extracted credentials.
# The SASL client bound by "sasl.jaas.config" invokes this class.
sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler
For more, see https://github.com/aws/aws-msk-iam-auth
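
A way to check a client properties file against the four settings listed above before it is deployed, for example to catch a profile that keeps the AWS_MSK_IAM mechanism but drops TLS. This is an added example, not code from zoe or aws-msk-iam-auth; the function names and both sample inputs are constructed for illustration.

```python
import re

# Values taken from the properties shown above.
EXPECTED = {
    "security.protocol": "SASL_SSL",
    "sasl.mechanism": "AWS_MSK_IAM",
    "sasl.client.callback.handler.class":
        "software.amazon.msk.auth.iam.IAMClientCallbackHandler",
}
JAAS_MODULE = "software.amazon.msk.auth.iam.IAMLoginModule"

def parse_properties(text):
    """Parse 'key = value' or 'key: value' lines, skipping # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_msk_iam(text):
    """Return a list of findings; an empty list means all four settings match."""
    props = parse_properties(text)
    findings = []
    for key, want in EXPECTED.items():
        got = props.get(key)
        if got is None:
            findings.append(f"{key}: missing (expected {want})")
        elif got != want:
            findings.append(f"{key}: {got!r} (expected {want})")
    # A JAAS entry has the form "<login module> <control flag> [options];"
    jaas = props.get("sasl.jaas.config", "")
    tokens = jaas.rstrip(";").split()
    if tokens[:2] != [JAAS_MODULE, "required"] or not jaas.endswith(";"):
        findings.append(f"sasl.jaas.config: expected '{JAAS_MODULE} required;'")
    return findings

# Constructed sample inputs.
GOOD = """security.protocol = SASL_SSL
sasl.mechanism = AWS_MSK_IAM
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler
"""
BAD = """# TLS dropped and callback handler forgotten
security.protocol=SASL_PLAINTEXT
sasl.mechanism: AWS_MSK_IAM
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;
"""
```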