How to create a super user on MSK
What's the easiest way to have a super user on MSK using SASL/SCRAM
As super.users parameter is currently not supported in MSK, following is one way to achieve something similar -- allow.everyone.if.no.acl.found is by default set to true, so you can start by adding ACLs for the intended principal/user allowing all 'operations' on resource types like topic, group. And on resource type 'cluster' add ACLs for all operations except CLUSTER_ACTIONS(to avoid blocking brokers, don't set ACLs on CLUSTER_ACTIONS)(1).
After you set the Apache Kafka ACLs for the user, update the cluster's configuration to have the property allow.everyone.if.no.acl.found to false for the cluster(2). This way above user will act similar to a super user and all other users will be denied access unless ACLs are added for other users as well.
(1) https://docs.aws.amazon.com/msk/latest/developerguide/msk-acls.html
(2) https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-operations.html
Relevant questions
MSK Custom Configuration using Cloudformation
asked 4 months agoUsing MSK as trigger to a Lambda with SASL/SCRAM Authentication
asked a month agoHow to enroll for MSK Serverless
asked 7 months agoHow to create a super user on MSK
asked 6 months agoMSK - HELP Backup
asked a month agoHow to connect Glue to MSK with IAM authentication?
asked 7 months agoLambda MSK trigger not working
asked 2 years agojava.nio.channels.UnresolvedAddressException when trying to create a topic in Amazon MSK
asked 6 months agoMSK Connect - Failed to create using in-built AWSServiceRoleForKafkaConnect role
asked 5 months agoHow to reset offset of a consumer group created through MSK connect
asked 2 months ago