By using AWS re:Post, you agree to the Terms of Use

MSK serverless BootstrapBrokerStringTls

0

https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html

Review the heading: 'To set up a client to use authentication' Item 3. `On a machine where you have the AWS CLI installed, run the following command to get the bootstrap brokers of the cluster. Replace Cluster-ARN with the ARN of your cluster.

aws kafka get-bootstrap-brokers --cluster-arn Cluster-ARN

Save the string associated with BootstrapBrokerStringTls in the response.`

If you try item 3, and you have serverless MSK, you get: An error occurred (BadRequestException) when calling the DescribeCluster operation: This operation cannot be performed on serverless clusters.

So what do you do to setup SSL on clients who are using an AWS PrivateLink to access the brokers?

At this time, I am blocked from being able to use the PrivateLink connection to the MSK cluster. When I try, I get: ERROR [Producer clientId=console-producer] Connection to node -1 (XXX.kafka.us-east-1.amazonaws.com/XXX.XXX.XXX.XXX:9098) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)

  • To further explain, I am using an user account that has appropriate IAM permissions to access the MSK clusters, hence the call on port 9098.

1 Answer
0

Hi you need to use the v2 API:

aws kafka list-clusters-v2 --region <region-name>
aws kafka describe-cluster-v2 --cluster-arn <value>

For now, MSK Serverless only allows SSL via IAM and not MutualTLS. Follow this guide to achieve IAM authentication. https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions