non-IAM authentication for MSK Serverless
Since IAM authentication on MSK requires monkey-patching the client libraries's classpath in order to work, it's unsuitable for the vast majority of use cases, such as:
- Usage with any non-JVM Kafka tools or libraries
- Lambda code written in any non-JVM language (most 'serverless' code is NOT written for JVM)
- Scenarios where modifying a packaged JVM client library would void support contracts
- Scenarios where maintaining modifications to packaged JVM clients every time they're updated is not realistic
I'm trying to think of realistic scenarios where a development team would want the simplicity and lack of maintenance of a serverless kafka cluster, but also are willing to commit to throwing out the majority of the available Kafka tools and libraries out there, while also committing to maintaining monkey-patched versions of all of the remaining tools. It's pretty difficult for me to imagine. Given the above, are there any plans for the future to support any security mechanisms on MSK Serverless other than IAM? If not, given the enormous compromises required in order to support IAM usage on MSK, who is the MSK Serverless offering actually targeted at?
Thank you for raising a request with AWS.
Please note that currently the IAM based authentication is the only security mechanism. Inorder to check for future release timeline of other security mechanism and answer to your questions we would be required to reach out internal service team and PM team. Thus we request you to please open a support case with AWS support. Please refer to the following links on how to open a case and support plans available:
-- https://docs.aws.amazon.com/awssupport/latest/user/case-management.html
Relevant questions
How to enroll for MSK Serverless
asked 7 months agoHow to connect Glue to MSK with IAM authentication?
asked 7 months agoAWS MSK IAM Authentication with MSK Connect
asked 5 months agoHow do you setup cross-account IAM authentication in AWS MSK?
Accepted Answerasked 4 months agoAmazon MSK Authentication and Authorization
asked 6 months agoUsing a subordinate certificate authority from ACM Private CA for mTLS client certificate authentication with MSK
asked 5 months agonon-IAM authentication for MSK Serverless
asked 2 months agoUsing MSK as trigger to a Lambda with SASL/SCRAM Authentication
asked a month agoAvailable connectors for Serverless MSK
asked 4 months agoissue enabling SASL/SCRAM authentication on MSK
asked 3 months ago