Kafka MSK IAM Account

In this article

Overview

You can use this account type to connect Kafka Snaps with data sources that use the Kafka MSK IAM Account.

Prerequisites

Limitations and Known Issues

None.

Account Settings

kafka-msk-iam-account.png

ย 

  • Asterisk ( * ): Indicates a mandatory field.

  • Suggestion icon ( ): Indicates a list that is dynamically populated based on the configuration.

  • Expression icon ( ): Indicates the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon ( ): Indicates that you can add fields in the field set.

  • Remove icon ( ): Indicates that you can remove fields from the field set.

Field Name

Field Type

Description

Field Name

Field Type

Description

Label*

ย 

Default Value:ย Kafka MSK IAM Account
Example:ย Kafka_Client_Auth_MSK_IAM

String

Specify a unique label for the account.

ย 

Bootstrap servers*

Use this field set to specify the ordered list of host-port pairs to establish an initial connection to the Kafka cluster.

Bootstrap server

ย 

Default Value:ย N/A
Example:ย 

b-1.kafka-cluster-name.abcde.c5.kafka.us-west-2.amazonaws.com:9092

String/Expression

Specify a host-port pair that you use to establish an initial connection to the Kafka cluster.

ย 

Schema registry URL

ย 

Default Value:ย N/A
Example:ย http://localhost:8081

String/Expression

Specify the URL for the schema registry server.

Advanced Kafka properties

Use this field set to specify any additional properties to connect to the Kafka server not explicitly provided in the Snap.

These properties are directly passed to the Kafka server and not tested by SnapLogic, Inc.

Key

ย 

Default Value:ย N/A
Example:ย session.timeout.ms

String/Expression

Specify the key for the Kafka property that Snap does not explicitly support.

ย 

Value

ย 

Default Value:ย N/A
Example:ย 10000

Integer/Expression

Specify the value for the Kafka property that Snap does not explicitly support.

ย 

Security protocol

ย 

Default Value:ย SASL_SSL
Example:ย SSL

ย 

Select one of the following security protocols from the suggestions:

  • SSL

  • SASL_SSL

  • SASL_PLAINTEXT

IAM Role

ย 

Default Value:ย Deselected

Checkbox

Select this checkbox to use the IAM role associated with the EC2 instance to access the MSK cluster. Learn more - Access the MSK cluster from inside AWS but outside the cluster's Amazon VPC.

The IAM role applies only to EC2-type Groundplexes. For the required configuration, refer to the IAM Access Control for Amazon Managed Streaming for Apache Kafka.

Cross account IAM properties

AWS role ARN

ย 

Default Value:ย N/A
Example:ย arn:aws:iam::12345678929:role/snaptest-msk-cluster-read-write-role

String/Expression

Specify the ARN of the cross-account IAM role. This ARN defines the permissions and trust policies for assuming the role. Learn more about ARNs.

External ID

ย 

Default Value:ย N/A
Example:ย my-external-id-12345

String/Expression

Specify the external ID to add an extra layer of security by preventing โ€˜confused deputyโ€™ attacks. Learn more - confused deputy attacks.

AWS region

ย 

Default Value:ย N/A
Example:ย us-west-2

String/Expression

Specify the AWS region where the application is running.

ย 

Session duration (seconds)

ย 

Default Value:ย N/A
Example:ย 900

String/Expression

Specify the duration in seconds for which the assumed role session is valid.

Session name

ย 

Default Value:ย N/A
Example:ย kafka-access-session-2024-09-24

String/Expression

Specify an identifier for the assumed role session. This identifier helps to uniquely identify a session when different entities assume the same role.

Troubleshooting

Error

Reason

Resolution

Error

Reason

Resolution

Error assuming the role with roleArn.

The Role ARN, External ID, or the session duration has incorrect information.

Ensure that the role configuration, ARN, external ID, and session duration are correct, check AWS service status, handle exceptions properly, and consult customer support if needed.

ย 


Related information

https://docs.aws.amazon.com/msk/latest/developerguide/aws-access.html

https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html

aws-msk-iam-auth/README.md at main ยท aws/aws-msk-iam-auth