By using AWS re:Post, you agree to the Terms of Use
/non-IAM authentication for MSK Serverless/

non-IAM authentication for MSK Serverless


Since IAM authentication on MSK requires monkey-patching the client libraries's classpath in order to work, it's unsuitable for the vast majority of use cases, such as:

  • Usage with any non-JVM Kafka tools or libraries
  • Lambda code written in any non-JVM language (most 'serverless' code is NOT written for JVM)
  • Scenarios where modifying a packaged JVM client library would void support contracts
  • Scenarios where maintaining modifications to packaged JVM clients every time they're updated is not realistic

I'm trying to think of realistic scenarios where a development team would want the simplicity and lack of maintenance of a serverless kafka cluster, but also are willing to commit to throwing out the majority of the available Kafka tools and libraries out there, while also committing to maintaining monkey-patched versions of all of the remaining tools. It's pretty difficult for me to imagine. Given the above, are there any plans for the future to support any security mechanisms on MSK Serverless other than IAM? If not, given the enormous compromises required in order to support IAM usage on MSK, who is the MSK Serverless offering actually targeted at?

1 Answers

Thank you for raising a request with AWS.

Please note that currently the IAM based authentication is the only security mechanism. Inorder to check for future release timeline of other security mechanism and answer to your questions we would be required to reach out internal service team and PM team. Thus we request you to please open a support case with AWS support. Please refer to the following links on how to open a case and support plans available:



answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions