This article describes how to connect KaDeck Web and KaDeck Desktop to Amazon MSK.
Important note: Connecting to Amazon MSK with KaDeck Web is straightforward if KaDeck Web is deployed inside the same VPC (e.g., as an EC2 or ECS instance). Learn how to deploy KaDeck Web using Amazon Elastic Cloud Service (ECS).
KaDeck Desktop (and other local clients) are able to connect to Amazon MSK over the internet with the "public access" feature of AWS (documentation, announcement) or by using a third-party proxy. A list of recommended proxies can be found in the last section of this article.
Connecting to Amazon MSK with KaDeck using IAM
To connect to Amazon MSK with KaDeck using IAM, create a new connection in KaDeck's connection overview page.
- Specify the address of your broker.
- Select SASL_SSL as the security protocol in the Security & Authentication section of the Broker Configuration tab.
- Enter the SASL JAAS Config string. It looks something like this:
software.amazon.msk.auth.iam.IAMLoginModule required awsProfileName="myProfile";
- Select AWS_MSK_IAM from the SASL mechanism drop-down box.
Amazon MSK Policies
This article from AWS covers how to configure permissions to Apache Kafka actions with IAM.
Your user needs the permission to execute the following actions in Apache Kafka:
ListTopics, DescribeTopics, ListConsumerGroups
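A least-privilege policy for this read-only access can be generated and checked with the script below. It is an added example, not KaDeck's or AWS's own code; mapping the three Kafka actions above onto the IAM actions kafka-cluster:Connect, kafka-cluster:DescribeTopic and kafka-cluster:DescribeGroup is an assumption, and the cluster ARN is a constructed placeholder.

```python
import json

# Assumption of this example: the three Kafka actions listed above map onto
# these kafka-cluster IAM actions (Connect is needed before any other action).
READ_ONLY_ACTIONS = {
    "cluster": ["kafka-cluster:Connect"],
    "topic": ["kafka-cluster:DescribeTopic"],
    "group": ["kafka-cluster:DescribeGroup"],
}

# Constructed placeholder ARN, not a real cluster.
EXAMPLE_CLUSTER_ARN = ("arn:aws:kafka:eu-central-1:111122223333:"
                       "cluster/example-cluster/00000000-0000-0000-0000-000000000000-1")

def scoped_arn(cluster_arn, kind, name="*"):
    """Derive a topic or group ARN that is confined to one MSK cluster."""
    prefix, sep, path = cluster_arn.partition(":cluster/")
    if not sep or not path or "*" in cluster_arn:
        raise ValueError("expected a concrete MSK cluster ARN")
    return f"{prefix}:{kind}/{path}/{name}"

def build_policy(cluster_arn):
    """Build a read-only policy scoped to the given cluster."""
    statements = []
    for kind, actions in READ_ONLY_ACTIONS.items():
        resource = cluster_arn if kind == "cluster" else scoped_arn(cluster_arn, kind)
        statements.append({"Effect": "Allow", "Action": actions, "Resource": resource})
    return {"Version": "2012-10-17", "Statement": statements}

def as_list(value):
    return value if isinstance(value, list) else [value]

def overbroad(policy):
    """List Allow entries that go beyond the read-only set or use Resource "*"."""
    allowed = {a for acts in READ_ONLY_ACTIONS.values() for a in acts}
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        findings += [f"statement {i}: action {a}" for a in as_list(st["Action"]) if a not in allowed]
        findings += [f"statement {i}: resource {r}" for r in as_list(st["Resource"]) if r == "*"]
    return findings

if __name__ == "__main__":
    policy = build_policy(EXAMPLE_CLUSTER_ARN)
    print(json.dumps(policy, indent=2))
    print(overbroad(policy) or "no over-broad statements")
```

Running overbroad() over an existing policy document before attaching it to the profile named in awsProfileName shows whether the identity KaDeck uses can do more than browse metadata.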
Proxies for Amazon MSK
Since November 2021 (AWS announcement), it is possible to connect from the internet directly to Amazon MSK using the newly introduced "public access" feature.
Additionally, proxies can be used instead. This is a list of third-party proxies that allow local clients to connect to Amazon MSK over the internet.