AWS MSK IAM authentication

For AWS Managed Streaming for Apache Kafka (MSK) with IAM authorization, jEAP Messaging integrates IAM-based authentication. It requires the jeap-messaging-aws-msk-iam-auth module (see Choosing dependencies). It is independent of the Glue Schema Registry but usually combined with it.

Credentials

jEAP Messaging expects an AwsCredentialsProvider Spring bean. If none is present, it falls back to a DefaultCredentialsProvider, which resolves, for example, the ECS task role.
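The following added example (not jEAP's or the project's own code) shows one way to supply that bean explicitly so that only workload-issued, short-lived credentials are accepted, instead of whatever the default chain finds first (environment variables, system properties, or a profile file with static keys). The package, class name and the `local` profile are hypothetical; it assumes Spring and the AWS SDK for Java v2.

```java
package com.example.messaging; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain;
import software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;

@Configuration
public class MskCredentialsConfig { // hypothetical class name

    /**
     * Registers the AwsCredentialsProvider bean that jEAP Messaging looks for.
     * Only two sources are allowed, both of which hand out temporary credentials:
     *   1. the container credentials endpoint (ECS task role)
     *   2. a web identity token file (for example IAM roles for service accounts on EKS)
     * Static access keys from environment variables or ~/.aws/credentials are
     * never consulted, so a leaked or leftover key cannot be used to reach MSK.
     *
     * With the hypothetical "local" profile active, this bean is not created and
     * the documented fallback to DefaultCredentialsProvider applies.
     */
    @Bean
    @Profile("!local")
    public AwsCredentialsProvider awsCredentialsProvider() {
        return AwsCredentialsProviderChain.builder()
                .credentialsProviders(
                        // Reads the credentials URI injected by the container runtime.
                        ContainerCredentialsProvider.builder().build(),
                        // Requires the SDK's sts module on the classpath.
                        WebIdentityTokenFileCredentialsProvider.create())
                // Stick with the first provider that succeeded on later refreshes.
                .reuseLastProviderEnabled(true)
                .build();
    }
}
```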

Configuration

All properties live under jeap.messaging.kafka.cluster.<name>.aws.msk.*.

| Name | Mandatory | Default | Description |
| --- | --- | --- | --- |
| `cluster.<name>.aws.msk.iamAuthEnabled` | Y | false | Activates the MSK IAM authentication integration |
| `cluster.<name>.aws.msk.region` | N | | AWS STS region; mandatory only when AssumeRole is used to authenticate against MSK |
| `cluster.<name>.aws.msk.assumeIamRoleArn` | N | | ARN of a role to assume for cross-account access to MSK |

```yaml
jeap:
  messaging:
    kafka:
      cluster:
        default-cluster:
          aws:
            msk:
              iamAuthEnabled: true
              region: eu-central-1
```