diff --git a/.chloggen/main.yaml b/.chloggen/main.yaml
new file mode 100644
index 0000000000000..9f7f2d0fdfd5e
--- /dev/null
+++ b/.chloggen/main.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: exporter/kafka
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: do not ask for user and password if auth mechanism is set to AWS IAM
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [37417]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
diff --git a/exporter/kafkaexporter/config.go b/exporter/kafkaexporter/config.go
index aac2cf77c097c..6c66cc121cad8 100644
--- a/exporter/kafkaexporter/config.go
+++ b/exporter/kafkaexporter/config.go
@@ -135,12 +135,13 @@ func validateSASLConfig(c *kafka.SASLConfig) error {
 		return nil
 	}
 
-	if c.Username == "" {
-		return fmt.Errorf("auth.sasl.username is required")
-	}
-
-	if c.Password == "" {
-		return fmt.Errorf("auth.sasl.password is required")
+	if c.Mechanism != "AWS_MSK_IAM" && c.Mechanism != "AWS_MSK_IAM_OAUTHBEARER" {
+		if c.Username == "" {
+			return fmt.Errorf("auth.sasl.username is required")
+		}
+		if c.Password == "" {
+			return fmt.Errorf("auth.sasl.password is required")
+		}
 	}
 
 	switch c.Mechanism {
diff --git a/exporter/kafkaexporter/config_test.go b/exporter/kafkaexporter/config_test.go
index 18b3e6568873c..43f4ac94966e7 100644
--- a/exporter/kafkaexporter/config_test.go
+++ b/exporter/kafkaexporter/config_test.go
@@ -295,6 +295,22 @@ func TestValidate_sasl_version(t *testing.T) {
 	assert.EqualError(t, err, "auth.sasl.version has to be either 0 or 1. configured value 42")
 }
 
+func TestValidate_sasl_iam(t *testing.T) {
+	config := &Config{
+		Producer: Producer{
+			Compression: "none",
+		},
+		Authentication: kafka.Authentication{
+			SASL: &kafka.SASLConfig{
+				Mechanism: "AWS_MSK_IAM",
+			},
+		},
+	}
+
+	err := config.Validate()
+	assert.NoError(t, err)
+}
+
 func Test_saramaProducerCompressionCodec(t *testing.T) {
 	tests := map[string]struct {
 		compression         string