risingwave-docs icon indicating copy to clipboard operation
risingwave-docs copied to clipboard
verified publisher icon risingwavelabs

Update amazon-msk.mdx to fix sasl.mechanism property

Open kazdy opened this issue 10 months ago • 4 comments

for sasl/scram auth we must specify sasl.mechanism = 'SCRAM-SHA-512' not AWS_MSK_IAM

Description

[ Please provide a brief summary of the documentation changes and purpose. ]

Related code PR

[ Link to the related code pull request (if any). ]

Related doc issue

[ Link to the related documentation issue or task (if any). ]

Fix [ Provide the link to the doc issue here. ]

Checklist

  • [ ] I have run the documentation build locally to verify the updates are applied correctly.
  • [ ] For new pages, I have updated mint.json to include the page in the table of contents.
  • [ ] All links and references have been checked and are not broken.

kazdy avatar Jun 22 '25 14:06 kazdy

Hi @kazdy, thanks for contribution.

There are two auth for MSK, SSL/SASL and IAM (AWS recommends).

  • SSL/SASL requires SCRAM-SHA-512 as you mentioned ref.
  • IAM auth allows RisingWave loads credentials from ENV to avoid exposing secrets, which more like oauthbearer. It is supported by AWS_MSK_IAM. ref

Thanks for pointing out, I think it is okay to have two examples here.

tabVersion avatar Jun 24 '25 09:06 tabVersion

Hi, thanks for checking.

So atm there are 2 examples one specifies:

properties.sasl.username = '<your-username>',
  properties.sasl.password = '<your-password>'

but the sasl.mechanism is set to AWS_MSK_IAM, which is incorrect and won't work this may confuse new users such as myself

the example below this one shows correct AWS_MSK_IAM config with provided aws credentials instead sasl username and password

https://github.com/risingwavelabs/risingwave-docs/blob/55859598972ebb2e5d92dc7b6e76a2250f62e147/integrations/sources/amazon-msk.mdx?plain=1#L222-L233

kazdy avatar Jun 24 '25 09:06 kazdy

Also I don't think this line is correct, it mentions Kinesis, but this page is about Kafka: https://github.com/risingwavelabs/risingwave-docs/blob/55859598972ebb2e5d92dc7b6e76a2250f62e147/integrations/sources/amazon-msk.mdx?plain=1#L212

For kafka we use brokers and not aws service endpoint ie kafka.us-east-2.amazonaws.com, so there's no need to specify it (not sure though)?

kazdy avatar Jun 24 '25 10:06 kazdy

Also I don't think this line is correct, it mentions Kinesis, but this page is about Kafka:

https://github.com/risingwavelabs/risingwave-docs/blob/55859598972ebb2e5d92dc7b6e76a2250f62e147/integrations/sources/amazon-msk.mdx?plain=1#L212

For kafka we use brokers and not aws service endpoint ie kafka.us-east-2.amazonaws.com, so there's no need to specify it (not sure though)?

I think it is removed in https://github.com/risingwavelabs/risingwave-docs/pull/519

Besides, the endpoint here is not mandatory but an optional one, in case you have a private endpoint in your own VPC.

tabVersion avatar Jun 25 '25 05:06 tabVersion