- Le plus récent
- Le plus de votes
- La plupart des commentaires
The recommended way to achieve this is using IAM authentication. IAM controls both who can be authenticated and authorized to use Amazon MSK resources. For your use case, "kafka-cluster:" Action must be allowed on all topics (eg : arn:aws:kafka:<region>:<account>:topic/ClusterName/) in the authorization policy of User 1.
Similar authorization policy can be used for User 2 and User 3 but only for one topic ( arn:aws:kafka:<region>:<account>:topic/ClusterName/<topicname>). Complete information about IAM authentication and authorization - [1] https://aws.amazon.com/blogs/big-data/securing-apache-kafka-is-easy-and-familiar-with-iam-access-control-for-amazon-msk/.
One other way if using SASL/SCRAM or TLS auth is to use ACLs. By setting ACLs you can restrict who can access topics - [2] https://docs.aws.amazon.com/msk/latest/developerguide/msk-acls.html
Contenus pertinents
- demandé il y a un an
- demandé il y a un mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 mois
- AWS OFFICIELA mis à jour il y a 3 ans