To authenticate using IAM, create the cluster with:
ClientAuthentication:
  Sasl:
    Iam:
      Enabled: true
This enables IAM authentication for the cluster. To log in to the cluster with IAM authentication, put the IAM jar on your classpath.
For example, if it's a Maven project, add the following to your dependencies manifest:
<dependency>
  <groupId>software.amazon.msk</groupId>
  <artifactId>aws-msk-iam-auth</artifactId>
  <version>1.1.6</version>
</dependency>
Or download the corresponding jar file directly from https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.6/aws-msk-iam-auth-1.1.6-all.jar
To enable IAM authentication, add the following properties to the producer, consumer, or any other Kafka service that needs to authenticate through IAM:
# Sets up TLS for encryption and SASL for authN.
security.protocol = SASL_SSL
# Identifies the SASL mechanism to use.
sasl.mechanism = AWS_MSK_IAM
# Binds SASL client implementation.
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;
# Encapsulates constructing a SigV4 signature based on extracted credentials.
# The SASL client bound by "sasl.jaas.config" invokes this class.
sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler
This configuration finds IAM credentials using the AWS Default Credentials Provider Chain.
For example, to list the Kafka topics, store these properties in a file called client.properties
and run the following command from your Kafka path:
./bin/kafka-topics.sh --bootstrap-server "${KAFKA_BOOTSTRAP_SERVERS}" --list --command-config client.properties
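
A pre-flight check for the client.properties file described above, as an added example that is not part of the original page or the aws-msk-iam-auth project: it confirms the four settings are present with the values shown before the file is passed to --command-config. The function names get_prop and check_msk_iam_props are hypothetical, and the sample file at the end is constructed.

```shell
#!/bin/sh
# get_prop FILE KEY: print the last value set for KEY. Handles the
# "key = value" / "key=value" forms used on this page; skips comments.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            sep = index($0, "=")
            if (sep == 0) next
            k = substr($0, 1, sep - 1)
            v = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_msk_iam_props FILE: return 0 only if all four settings from the
# page are present with the expected values; report mismatches on stderr.
check_msk_iam_props() {
    file=$1
    rc=0
    require() {
        actual=$(get_prop "$file" "$1")
        if [ "$actual" != "$2" ]; then
            echo "$file: $1 is '$actual', expected '$2'" >&2
            rc=1
        fi
    }
    require security.protocol SASL_SSL
    require sasl.mechanism AWS_MSK_IAM
    require sasl.jaas.config 'software.amazon.msk.auth.iam.IAMLoginModule required;'
    require sasl.client.callback.handler.class \
        software.amazon.msk.auth.iam.IAMClientCallbackHandler
    return "$rc"
}

# Constructed sample: a file whose protocol was changed to SASL_PLAINTEXT.
sample=$(mktemp)
printf '%s\n' 'security.protocol = SASL_PLAINTEXT' \
    'sasl.mechanism = AWS_MSK_IAM' > "$sample"
check_msk_iam_props "$sample" || echo "not using $sample: settings differ"
rm -f "$sample"
```

Running the check in a wrapper script before kafka-topics.sh catches a properties file that no longer requests TLS or the AWS_MSK_IAM mechanism.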