By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

MSK Connect - Failed to create using in-built AWSServiceRoleForKafkaConnect role

1

I have created many connectors already using very similar configuration. Since yesterday (25th Jan 2022) I am unable to create a kafka connector using the AWSServiceRoleForKafkaConnect role. The existing connectors that have already been created are still working fine. Here is the error I get when clicking Create Connector on the last page in the form:

Error creating connector There was a problem creating a connector. If the problem persists, contact AWS Support. API response Invalid parameter serviceExecutionRoleArn: A service linked role ARN cannot be provided as service execution role ARN.

I have tried to create a connector with the same configuration that has already worked, only now I'm receiving the error above. Has something been updated around this? Do I need to create a new service role?

Other Details: Using small MSK cluster with Authenticate=None using camel connector jar file (that is currently working with other connectors)

Topics
Analytics
Tags
Amazon Managed Streaming for Apache Kafka (Amazon MSK)
Language
English
AWS-User-7872026
asked 2 years ago317 views
1 Answer
0

Hi there, there were some recent changes made to the use of Service Linked Roles (SLR) as an execution role for Amazon MSK Connect Connectors. SLRs are no longer allowed to be used as the execution role. This may not affect Connectors which do not interact with Amazon MSK clusters or other resources using IAM authentication, but will affect any interaction with IAM controlled resources. It is recommend that all connector execution roles use customer managed roles with Trust Relationships including kafkaconnect.amazonaws.com. See the documentation on Service Execution Roles (1) for more details.

Currently the console allows the selection of an SLR (AWSServiceRoleForKafkaConnect) as the execution role, this will be removed in future updates and should not be used when creating connectors.

(1) https://docs.aws.amazon.com/msk/latest/developerguide/msk-connect-service-execution-role.html

AWS
SUPPORT ENGINEER
Harshith_M
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content