En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

MSK Connect - not connecting to MSK Cluster

0

From CloudWatch logs:

[Worker-08b99ad5f119f02cd] org.apache.kafka.common.errors.TimeoutException: Call(callName=fetchMetadata, deadlineMs=1683595748944, tries=1, nextAllowedTryMs=1683595749045) timed out at 1683595748945 after 1 attempt(s)

Security Group The MSK Connector uses the same security group as the MSK Cluster and accepts All Traffic from all ports inbound from itself.

IAM Role The MSK Connector uses an IAM role with the following trust relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "kafkaconnect.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

The same role has the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:Connect",
                "kafka-cluster:DescribeCluster"
            ],
            "Resource": [
                "cluster-arn"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:ReadData",
                "kafka-cluster:DescribeTopic"
            ],
            "Resource": [
                "ARN of the topic that you want a sink connector to read from"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:WriteData",
                "kafka-cluster:DescribeTopic"
            ],
            "Resource": [
                "ARN of the topic that you want a source connector to write to"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:CreateTopic",
                "kafka-cluster:WriteData",
                "kafka-cluster:ReadData",
                "kafka-cluster:DescribeTopic"
            ],
            "Resource": [
                "arn:aws:kafka:region:account-id:topic/cluster-name/cluster-uuid/__amazon_msk_connect_*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:AlterGroup",
                "kafka-cluster:DescribeGroup"
            ],
            "Resource": [
                "arn:aws:kafka:region:account-id:group/cluster-name/cluster-uuid/__amazon_msk_connect_*",
                "arn:aws:kafka:region:account-id:group/cluster-name/cluster-uuid/connect-*"
            ]
        }
    ]
}

This seems to cover everything I can find in docs / other re:Post threads.

Any help would be appreciated!

Sujets
Analytique
Balises
Streaming géré par Amazon pour Apache Kafka (Amazon MSK)
Langue
English
Gary
demandé il y a un an575 vues
1 réponse
1

If the connector can't reach your MSK cluster, then you receive a TimeOutException error.

Ensure the bootstrap servers that are specified in the properties, including port number, are valid and accurate. Be sure that the security group for your cluster allows inbound traffic from the client's security group that's associated with MSK Connect. If an MSK cluster is used, then add a rule that allows inbound traffic from itself.

Also please refer https://repost.aws/knowledge-center/msk-connector-connect-errors to troubleshoot errors while trying to create a connector using Amazon MSK Connect.

AWS
Harita
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents