[Feature request] Support for MSK & IAM integration #1985
Comments
There's implementation reference for AWS_MSK_IAM at Can we sort of copy-pasta your AWS_MSK_IAM code in
kafka-go now has another reference implementation, which uses the aws-sdk to perform the signing, if the maintainers prefer that.
opentelemetry managed to work around this without any changes to sarama. https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/kafkaexporter/authentication.go#L127
This needs to be added to the main project; the otel contribution written by me is currently flawed since sarama does validation checks on the auth mechanism used. This should be as simple as taking the current version in otel and making it part of the main library.
Thank you for taking the time to raise this issue. However, it has not had any activity on it in the past 90 days and will be closed in 30 days if no updates occur.
@MovieStoreGuy any progress on this?
AWS has released a solution here https://github.com/aws/aws-msk-iam-sasl-signer-go
Is your feature request related to a problem? Please describe.
Recently, AWS released an integration between Amazon MSK (Amazon Managed Stream for Kafka) and IAM (Identity & Access Management). There is an example of this implementation, but they're using a Java client and a library named aws-msk-iam-auth in order to match IAM security.
Describe the solution you'd like
Would like to fully support this new integration.
Additional context
Currently, the only security measures that can be added to an Amazon MSK cluster are protecting it with security groups or TLS. These options are full deny or full allow; there's no way to define a set of access per topic. This new integration with IAM allows this.