- 最新
- 最多得票
- 最多評論
Thanks a lot Mahesh!
If it's possible to share approx. ETA of resource based policy availability for MSK Serverless that would be super helpful. I see there is a cluster Policy in AWS console for MSK Serverless cluster that allow some sharing with other accounts but I can't add "kafka-cluster:*" actions to it.
Hello there,
As MSK Serverless only supports IAM Authentication, and it doesn’t have any resource based policy yet, unfortunately, it is not possible to access MSK Serverless cluster from cross account MSK Connect at the moment.
Hello there,
I just checked it again and observed that we have new change in MSK Serverless which allows you to add Cluster Policy.
You can customise that cluster policy by clicking on Advanced option and give the required actions and resources.
Please refer to the below screenshot:
Thanks Mahesh,
That's looks like exactly what I need. However when I try to add "kafka-cluster:*" actions to this policy I got the following errors:
The cluster policy is not valid. Action field includes AWS services that inconsistent with specified vendor.
Is there anything I'm doing wrong?
The consumer application requires "kafka-cluster:Connect" permissions to connect to Kafka cluster - https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#actions:~:text=to%20serverless%20clusters-,kafka%2Dcluster%3AConnect,-Grants%20permission%20to.
When I try connecting with permissions on your screenshot I get Access Denied error.
Thanks, Pavel
相關內容
AWS 官方已更新 3 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前