Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KafkaCtl with AWS MSK and IAM auth #152

Closed
Joel-PeakMetrics opened this issue Jun 14, 2023 · 6 comments · Fixed by deviceinsight/kafkactl-plugins#1 or #211
Closed

KafkaCtl with AWS MSK and IAM auth #152

Joel-PeakMetrics opened this issue Jun 14, 2023 · 6 comments · Fixed by deviceinsight/kafkactl-plugins#1 or #211
Labels
enhancement New feature or request

Comments

@Joel-PeakMetrics
Copy link

Hello,

I'd like to use KafkaCtl with AWS MSK. The MSK cluster is currently enabled with IAM auth only. Is there a way to enable kafkactl to use IAM SASL auth?

This configuration is working for the kafka java commands:

security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler

Thanks for your help!
@d-rk
Copy link
Collaborator

d-rk commented Jun 15, 2023

Hi @Joel-PeakMetrics

that is currently not possible. There is an open issue (and a related PR) in the kafka library we use:
IBM/sarama#1985

When something happens with that issue we can look into this again.

Regards

@d-rk d-rk added enhancement New feature or request blocked Cannot be implemented at the meoment labels Jun 15, 2023
@alahijani
Copy link

alahijani commented Dec 21, 2023
edited
Loading

@d-rk The IBM/sarama issue is now closed.

@d-rk
Copy link
Collaborator

d-rk commented Dec 23, 2023

It should now be possible to implement this using: https://github.com/aws/aws-msk-iam-sasl-signer-go

@d-rk d-rk removed the blocked Cannot be implemented at the meoment label Dec 23, 2023
@d-rk d-rk mentioned this issue Mar 8, 2024
Merged
4 tasks
@KeisukeYamashita KeisukeYamashita mentioned this issue Jul 30, 2024
Merged
5 tasks
@KeisukeYamashita
Copy link
Contributor

KeisukeYamashita commented Jul 30, 2024
edited
Loading

Hi @d-rk, apologies for the interruption.

I've submitted a PR to implement a feature that eliminates the need for static ID/PWDs, making this tool even more useful for AWS MSK users: deviceinsight/kafkactl-plugins#1.
It worked perfectly on our AWS MSK cluster with IAM access control enabled.

Please take a look when you have a moment. Thank you!

@KeisukeYamashita
Copy link
Contributor

KeisukeYamashita commented Aug 1, 2024
edited
Loading

@d-rk I hope this message finds you well.

If adding it upstream is challenging, no worries; since it’s a plugin, I can close the PR and offer it independently so that AWS MSK users can securely access their cluster in a keyless manner. Nonetheless, I would appreciate your thoughts on it.

Thanks in advance for your time and feedback.

@d-rk
Copy link
Collaborator

d-rk commented Aug 1, 2024

Hey @KeisukeYamashita thank you for the PR.
Implementing the AWS plugin is on my list since I introduced the plugin system, so I'm glad that you helped me out here :)
Hopefully next week I will find time to review it.

Regards, Dirk

@KeisukeYamashita KeisukeYamashita mentioned this issue Aug 11, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
4 participants
@alahijani @d-rk @KeisukeYamashita @Joel-PeakMetrics