- 新しい順
- 投票が多い順
- コメントが多い順
As super.users parameter is currently not supported in MSK, following is one way to achieve something similar -- allow.everyone.if.no.acl.found is by default set to true, so you can start by adding ACLs for the intended principal/user allowing all 'operations' on resource types like topic, group. And on resource type 'cluster' add ACLs for all operations except CLUSTER_ACTIONS(to avoid blocking brokers, don't set ACLs on CLUSTER_ACTIONS)(1).
After you set the Apache Kafka ACLs for the user, update the cluster's configuration to have the property allow.everyone.if.no.acl.found to false for the cluster(2). This way above user will act similar to a super user and all other users will be denied access unless ACLs are added for other users as well.
(1) https://docs.aws.amazon.com/msk/latest/developerguide/msk-acls.html
(2) https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-operations.html
関連するコンテンツ
- AWS公式更新しました 1年前
- AWS公式更新しました 2年前
"to avoid blocking brokers, don't set ACLs on CLUSTER_ACTIONS"
Where is that in the documentation? The link in (1) doesn't mention CLUSTER_ACTIONS (in fact it's pretty sparse on details in general).
Hi what can you do if you have a cluster with public access? - this cannot be work, because it is prohibited by the API. So my question: how can you manage the users in that scenario?