MSK cluster with SCRAM-SHA-512 suddenly throws authentication error

Question

Hi,

I have an MSK with SASL SCRAM-SHA-512 and all pubs/subs connected to it never had a problem until now - `Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512`; I see this message in the logs and there is obviously a problem publishing messages right now.

The applications(NestJS using Kafkajs under the hood) are retrieving the secret associated with the cluster at runtime plus the list of brokers and they used to connect successfully:

https://kafka.js.org/docs/1.10.0/configuration#sasl
```
                              ssl: true,
                                sasl: {
                                    mechanism: KAFKA_SASL_MECHANISM,
                                    username,
                                    password,
                                },

```

Nothing in the cluster s configuration has changed - the security group is the same, and the cluster configuration. Cluster doesn't have any ACLs.
Any ideas would be appreciated.

Answer

Hello.

I think it would be good to check the two links below for your inquiry.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-msk.html#pipes-msk-cluster-permissions
https://docs.aws.amazon.com/msk/latest/developerguide/limits.html

If there is no change in setting, please check the phrase below.
"Limits on TCP connections. A cluster that uses IAM access control can accept new connections at a rate of up to 20 TCP connections per broker per second for all broker types, except for the type kafka.t3.small. Brokers of type kafka.t3.small are limited to 4 TCP connections per broker per second."

Thank you.

MSK cluster with SCRAM-SHA-512 suddenly throws authentication error

Relevant content