- Newest
- Most votes
- Most comments
It was permissions.... the Pipes auto created execution role and policy doesn't give Pipes the permissions required to use MSK as a source. I had augmented the auto created role with MSK Full Access but that does include below.
I noticed that my Lambda would only auth with SASL, so added below and then added same to the Pipes execution role.
Pipes showed as running, no errors reported, but clearly it couldn't connect or read. Wild that there are no errors and no logs that I could find. I'm guessing there must be a sequencing of setup issue.
https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-permissions-iam-policy
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kafka-cluster:Connect", "kafka-cluster:DescribeGroup", "kafka-cluster:AlterGroup", "kafka-cluster:DescribeTopic", "kafka-cluster:ReadData", "kafka-cluster:DescribeClusterDynamicConfiguration" ], "Resource": "*" } ] }
Relevant content
- asked 4 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago