2 Answers
- Newest
- Most votes
- Most comments
0
Custom domain names are not supported at this point. The only work around possible would involves non-data PLAINTEXT access for bootstrapping (fetch metadata request) and regular SSL for data-in-transfer encryption.
- Update advertised listeners to have port 9094 for PLAINTEXT protocol
- Define R53 A-record with custom domain name resolved to an NLB with targets to all brokers to port 9092 (PLAINTEXT) a. create certificates in ACM and deploy on NLB listeners b. define NLB listeners as TLS to terminate TLS connection at NLB
This will let you use custom domain name with TLS traffic. Limitation of this approach is that it won't work with SASL (SCRAM, IAM), because listeners don't have SASL implementation mechanisms.
answered a year ago
Relevant content
- asked 2 years ago
- asked 10 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Can you elaborate, at which point this provides connectivity with MSK/Kafka?