The recommended way to achieve this is using IAM authentication. IAM controls both who can be authenticated and authorized to use Amazon MSK resources. For your use case, the "kafka-cluster:" Action must be allowed on all topics (e.g., arn:aws:kafka:<region>:<account>:topic/ClusterName/) in the authorization policy of User 1.
A similar authorization policy can be used for User 2 and User 3, but only for one topic (arn:aws:kafka:<region>:<account>:topic/ClusterName/<topicname>). Complete information about IAM authentication and authorization: [1] https://aws.amazon.com/blogs/big-data/securing-apache-kafka-is-easy-and-familiar-with-iam-access-control-for-amazon-msk/.
One other way, if using SASL/SCRAM or TLS auth, is to use ACLs. By setting ACLs you can restrict who can access topics: [2] https://docs.aws.amazon.com/msk/latest/developerguide/msk-acls.html
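The per-user topic scoping described in the answer above, as an added example that is not part of the original answer: it builds an all-topics policy and a single-topic policy and checks which topic ARNs each one covers. The region, account ID, cluster UUID and the topic names `orders` and `payments` are constructed placeholders, the ARNs assume MSK's `topic/<cluster-name>/<cluster-uuid>/<topic-name>` layout, and `allows()` is a simplified matcher, not a full IAM evaluation.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders (assumptions, not values from the page).
REGION, ACCOUNT, CLUSTER = "us-east-1", "111122223333", "ClusterName"
BASE = f"arn:aws:kafka:{REGION}:{ACCOUNT}"

TOPIC_ACTIONS = [
    "kafka-cluster:DescribeTopic",
    "kafka-cluster:ReadData",
    "kafka-cluster:WriteData",
]

def topic_policy(topic: str) -> dict:
    """Identity policy: connect to the cluster, read/write `topic` ('*' = every topic)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["kafka-cluster:Connect"],
             "Resource": [f"{BASE}:cluster/{CLUSTER}/*"]},
            # The middle '*' stands in for the cluster UUID segment of the ARN.
            {"Effect": "Allow", "Action": TOPIC_ACTIONS,
             "Resource": [f"{BASE}:topic/{CLUSTER}/*/{topic}"]},
        ],
    }

def allows(policy: dict, action: str, resource: str) -> bool:
    """Simplified check: Allow statements only, '*' wildcards matched with fnmatch.
    Ignores explicit Deny, conditions and permission boundaries."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if any(fnmatchcase(action, a) for a in st["Action"]) and \
           any(fnmatchcase(resource, r) for r in st["Resource"]):
            return True
    return False

def topic_arn(topic: str, uuid: str = "abcd1234-0000-0000-0000-000000000000-1") -> str:
    """Full topic ARN with a constructed cluster UUID."""
    return f"{BASE}:topic/{CLUSTER}/{uuid}/{topic}"

user1 = topic_policy("*")        # User 1: all topics on the cluster
user2 = topic_policy("orders")   # User 2: one topic only (hypothetical name)

if __name__ == "__main__":
    print(json.dumps(user2, indent=2))
    for name, pol in (("user1", user1), ("user2", user2)):
        for t in ("orders", "payments"):
            print(name, t, allows(pol, "kafka-cluster:ReadData", topic_arn(t)))
```

Consumers that use a consumer group also need `kafka-cluster:DescribeGroup` and `kafka-cluster:AlterGroup` on the matching `group/...` ARN, which this example leaves out.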