Connecting to Amazon MSK

This article describes how to connect KaDeck Web and KaDeck Desktop to Amazon MSK.

Important note: Connecting to Amazon MSK with KaDeck Web is straight forward if KaDeck Web is deployed inside the same VPC (e.g., as EC2 or ECS instance). Learn how to deploy KaDeck Web using Amazon Elastic Cloud Service (ECS).

KaDeck Desktop (and other local clients) are able to connect to Amazon MSK over the internet with the "public access" feature of AWS (documentation, announcement) or by using a third-party proxy. A list of recommended proxies can be found in the last section of this article.


Connecting to Amazon MSK with KaDeck using IAM

To connect to Amazon MSK with KaDeck using IAM, create a new connection in KaDeck's connection overview page. 

  1. Specify the address of your broker.
  2. Select SASL_SSL as the security protocol in the Security & Authentication section of the Broker Configuration tab.
  3. Enter the SASL JAAS Config string. This looks something like this: required awsProfileName="myProfile";
  4. Select AWS_MSK_IAM from the SASL mechanism drop-down box.


Amazon MSK Policies

This article from AWS covers how to configure permissions to Apache Kafka actions with IAM.

Your user needs the permission to execute the following actions in Apache Kafka:

ListTopics, DescribeTopics, ListConsumerGroups


Proxies for Amazon MSK

Since November 2021 (AWS announcement), it is possible to connect from the internet directly to Amazon MSK using the newly introduced "public access" feature:

Public Access on AWS Documentation

Additionaly, proxies can be used instead. This is a list of third-party proxies that allow local clients to connect to Amazon MSK over the internet.


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.