使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Custom DNS for MSK

0

Hi, how can I "mask" an MSK endpoint with a custom domain? I'm trying to find a solution that won't cause SSL issues. Thanks!

主題
分析網路與內容交付
標籤
Amazon Managed Streaming for Apache Kafka (Amazon MSK)Amazon Route 53
語言
English
rePost-User-5941005
已提問 1 年前檢視次數 1335 次
2 個答案
1

[Updated as this answer was incorrect]

profile pictureAWS
Ananth Tirumanur
已回答 1 年前
  • EdbE
    1 年前

    Can you elaborate, at which point this provides connectivity with MSK/Kafka?

0
已接受的答案

Custom domain names are not supported at this point. The only work around possible would involves non-data PLAINTEXT access for bootstrapping (fetch metadata request) and regular SSL for data-in-transfer encryption.

  1. Update advertised listeners to have port 9094 for PLAINTEXT protocol
  2. Define R53 A-record with custom domain name resolved to an NLB with targets to all brokers to port 9092 (PLAINTEXT) a. create certificates in ACM and deploy on NLB listeners b. define NLB listeners as TLS to terminate TLS connection at NLB

This will let you use custom domain name with TLS traffic. Limitation of this approach is that it won't work with SASL (SCRAM, IAM), because listeners don't have SASL implementation mechanisms.

AWS
EdbE
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容