Creating and Connecting to an AWS MSK cluster using SASL
Nov 6, 2024
- Create a secret in AWS Secrets Manager (choose "Other type of secret" with 2 key/value rows, username and password; you need to create a new encryption key since MSK doesn’t accept the default one).
- Create an MSK cluster. You will have to pick the custom provisioned type (serverless and the provisioned default use IAM authentication).
- After you finish creating your MSK cluster, it’ll ask you to associate a secret. This is where you select the one you just created.
- Create a VPC peering connection between the MSK VPC and the calling VPC. Enable DNS resolution of hosts for both VPCs and create 2 route table entries.
- Modify the MSK security group's inbound rules to add your application's security group.
- Connect with SASL/SCRAM (mechanism SCRAM-SHA-512) using the username and password you’ve defined as the client credentials.
I tested the client connection by installing Conduktor (CloudFormation).
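The secret and client steps above can be checked before a connection attempt. The following is an added example, not code from the original post: it validates a secret against the requirements MSK places on SCRAM secrets and builds the matching Kafka client properties. The function names, sample secret, key ARN and broker hostnames are constructed; the `AmazonMSK_` name prefix and port 9096 for in-VPC SASL/SCRAM come from AWS's MSK documentation rather than from this page.

```python
import json

DEFAULT_KEY_ALIAS = "alias/aws/secretsmanager"  # AWS managed key, not accepted by MSK

def check_msk_scram_secret(describe, secret_string):
    """List problems that would stop MSK from accepting the secret.

    `describe` is shaped like a Secrets Manager DescribeSecret response,
    `secret_string` like the SecretString returned by GetSecretValue.
    """
    problems = []
    if not describe.get("Name", "").startswith("AmazonMSK_"):
        problems.append("secret name must start with AmazonMSK_")
    # DescribeSecret omits KmsKeyId when the default AWS managed key is used.
    key = describe.get("KmsKeyId")
    if not key or key.endswith(DEFAULT_KEY_ALIAS):
        problems.append("secret must use a customer managed KMS key")
    try:
        fields = json.loads(secret_string)
    except ValueError:
        fields = None
    if not isinstance(fields, dict) or not {"username", "password"} <= set(fields):
        problems.append("secret must be JSON with username and password keys")
    return problems

def client_properties(bootstrap, secret_string):
    """Build Kafka client properties for SASL/SCRAM over TLS."""
    creds = json.loads(secret_string)
    # In-VPC SASL/SCRAM listeners use 9096; reject anything else early.
    if not all(b.rsplit(":", 1)[-1] == "9096" for b in bootstrap.split(",")):
        raise ValueError("expected SASL/SCRAM broker port 9096")
    # JAAS values are double-quoted, so escape backslashes and quotes.
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')
    return {
        "bootstrap.servers": bootstrap,
        "security.protocol": "SASL_SSL",
        "sasl.mechanism": "SCRAM-SHA-512",
        "sasl.jaas.config": (
            "org.apache.kafka.common.security.scram.ScramLoginModule required "
            f'username="{esc(creds["username"])}" password="{esc(creds["password"])}";'
        ),
    }

# Constructed sample data, not real resources.
GOOD = {"Name": "AmazonMSK_demo",
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}
BAD = {"Name": "demo-kafka-creds"}  # wrong prefix, default key
VALUE = json.dumps({"username": "app-user", "password": 'p"ss'})
BROKERS = "b-1.example.invalid:9096,b-2.example.invalid:9096"
```

Write the returned dictionary out as `key=value` lines to get a `client.properties` file for the Kafka command-line tools, and keep that file out of version control since it contains the password.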