Versions Compared

Old Version 5

changes.mady.by.user Lakshmi Manda

Saved on

compared with

New Version Current

changes.mady.by.user Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this article

Table of Contents
minLevel1
maxLevel2absoluteUrl3
outlinefalse
styledefault
typelist
printabletrue

Overview

You can use this account type to connect Kafka Snaps with data sources that use the Kafka MSK IAM Account.

Prerequisites

Limitations and Known Issues

None.

Account Settings

...

Info

  • Asterisk ( * ): Indicates a mandatory field.

  • Suggestion icon ( (blue star) ): Indicates a list that is dynamically populated based on the configuration.

  • Expression icon ( (blue star) ): Indicates the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon ( (blue star) ): Indicates that you can add fields in the field set.

  • Remove icon ( (blue star) ): Indicates that you can remove fields from the field set.

Field Name

Field Type

Description

Label*

 

Default ValueKafka MSK IAM Account
ExampleKafka_Client_Auth_MSK_IAM

String

Specify a unique label for the account.

 

Bootstrap servers*

Use this field set to specify the ordered list of host-port pairs to establish an initial connection to the Kafka cluster.

Bootstrap server

 

Default Value: N/A
Example

b-1.kafka-cluster-name.abcde.c5.kafka.us-west-2.amazonaws.com:9092

String/Expression

Specify a host-port pair that you use to establish an initial connection to the Kafka cluster.

 

Schema registry URL

 

Default Value: N/A
Examplehttp://localhost:8081

String/Expression

Specify the URL for the schema registry server.

Advanced Kafka properties

Use this field set to specify any additional properties

for connection

to connect to the Kafka server

that are

not explicitly provided in the Snap.

These properties are directly passed to the Kafka server and not tested by SnapLogic, Inc.

Key

 

Default Value: N/A
Examplesession.timeout.ms

String/Expression

Specify the key for the Kafka property that Snap does not explicitly support.

 

Value

 

Default Value: N/A
Example10000

Integer/Expression

Specify the value for the Kafka property that Snap does not explicitly support.

 

Security protocol

 

Default ValueSASL_SSL
ExampleSSL

 

Select one of the following security protocols from the suggestions:

  • SSL

  • SASL_SSL

  • SASL_PLAINTEXT

IAM Role

 

Default ValueDeselected

Checkbox

Select this checkbox to use the IAM role associated with the EC2 instance to access the MSK cluster.

This feature

Learn more - Access the MSK cluster from inside AWS but outside the cluster's Amazon VPC.

The IAM role applies only to EC2-type Groundplexes. For the required configuration, refer to the IAM Access Control for Amazon Managed Streaming for Apache Kafka.

Cross account IAM properties

AWS role ARN

 

Default Value: N/A
Examplearn:aws:iam::

123456789012

12345678929:role/

KafkaProducerRole

snaptest-msk-cluster-read-write-role

String/Expression

Specify the ARN of the cross-account IAM role. This ARN defines the permissions and trust policies for assuming the role. Learn more about ARNs.

External ID

 

Default Value: N/A
Example

EXTERNAL_ID_VALUE

my-external-id-12345

String/Expression

Specify the external ID to add an extra layer of security by preventing ‘confused deputy’ attacks. Learn more - confused deputy attacks.

You must configure this field when a third party assumes the role.

AWS region

 

Default Value: N/A
Exampleus-west-2

String/Expression

Specify the AWS region where the application is running.

  • Using a region-specific endpoint that matches the MSK cluster’s region can improve the performance.

  • If

the region is not specified

  • you do not specify a region, the AWS global default region is used.

 

Session duration (seconds)

 

Default Value: N/A
Example900

String/Expression

Specify the duration in seconds for which the assumed role session is valid.

  • The session duration can range from 900 seconds (15 minutes) to the maximum session duration set for the field.

  • By default, the maximum session duration is 1 hour, but you can set it

can be customized

  • to a maximum of 12 hours.

  • If the maximum session duration exceeds the maximum duration configured for the role, the

user

  • request is denied.

Session name

 

Default Value: N/A
Example:

 client

 kafka-access-session-2024-09-24

String/Expression

Specify an identifier for the assumed role session. This identifier helps to uniquely identify a session when different entities assume the same role

is assumed by different entities

.

Troubleshooting

Error

Reason

Resolution

Account validation failedError assuming the role with roleArn.

The Pipeline ended before the batch could complete execution due to a connection error.Verify that the Refresh token field is configured to handle the inputs properly. If you are not sure when the input data is available, configure this field as zero to keep the connection always openRole ARN, External ID, or the session duration has incorrect information.

Ensure that the role configuration, ARN, external ID, and session duration are correct, check AWS service status, handle exceptions properly, and consult customer support if needed.

Insert excerpt
XYZ Kafka Snap PackXYZ
Kafka Snap Pack

...

Endpoint Doc Link 1

...

Endpoint Doc Link 2

...

Endpoint Doc Link 3

...

Getting Started with SnapLogic

...

nopaneltrue

...

Related information

https://docs.aws.amazon.com/msk/latest/developerguide/aws-access.html

https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html

https://github.com/aws/aws-msk-iam-auth/blob/main/README.md#specifying-an-aws-iam-role-for-a-client