By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Custom DNS for MSK

0

Hi, how can I "mask" an MSK endpoint with a custom domain? I'm trying to find a solution that won't cause SSL issues. Thanks!

Topics
AnalyticsNetworking & Content Delivery
Tags
Amazon Managed Streaming for Apache Kafka (Amazon MSK)Amazon Route 53
Language
English
rePost-User-5941005
asked a year ago1311 views
2 Answers
1

[Updated as this answer was incorrect]

profile pictureAWS
Ananth Tirumanur
answered a year ago
  • EdbE
    a year ago

    Can you elaborate, at which point this provides connectivity with MSK/Kafka?

0
Accepted Answer

Custom domain names are not supported at this point. The only work around possible would involves non-data PLAINTEXT access for bootstrapping (fetch metadata request) and regular SSL for data-in-transfer encryption.

  1. Update advertised listeners to have port 9094 for PLAINTEXT protocol
  2. Define R53 A-record with custom domain name resolved to an NLB with targets to all brokers to port 9092 (PLAINTEXT) a. create certificates in ACM and deploy on NLB listeners b. define NLB listeners as TLS to terminate TLS connection at NLB

This will let you use custom domain name with TLS traffic. Limitation of this approach is that it won't work with SASL (SCRAM, IAM), because listeners don't have SASL implementation mechanisms.

AWS
EdbE
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content