- 최신
- 최다 투표
- 가장 많은 댓글
The recommended way to achieve this is using IAM authentication. IAM controls both who can be authenticated and authorized to use Amazon MSK resources. For your use case, "kafka-cluster:" Action must be allowed on all topics (eg : arn:aws:kafka:<region>:<account>:topic/ClusterName/) in the authorization policy of User 1.
Similar authorization policy can be used for User 2 and User 3 but only for one topic ( arn:aws:kafka:<region>:<account>:topic/ClusterName/<topicname>). Complete information about IAM authentication and authorization - [1] https://aws.amazon.com/blogs/big-data/securing-apache-kafka-is-easy-and-familiar-with-iam-access-control-for-amazon-msk/.
One other way if using SASL/SCRAM or TLS auth is to use ACLs. By setting ACLs you can restrict who can access topics - [2] https://docs.aws.amazon.com/msk/latest/developerguide/msk-acls.html
관련 콘텐츠
- AWS 공식업데이트됨 2년 전