Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Support for IAM + AWS Managed Kafka (MSK) #198

Closed
brizzbuzz opened this issue May 17, 2022 · 8 comments · Fixed by #313
Closed

Support for IAM + AWS Managed Kafka (MSK) #198

brizzbuzz opened this issue May 17, 2022 · 8 comments · Fixed by #313

Comments

@brizzbuzz
Copy link

Neat project 👋 hopefully I'm not missing something obvious here (I checked the examples folder) but it doesn't seem like there is any way to configure kaf to use IAM in order to connect to an AWS managed kafka cluster.

This would be an incredibly useful feature. I am happy to try my best to contribute :) though I have never written golang beyond a couple tutorials
@birdayz
Copy link
Owner

birdayz commented May 18, 2022

How does authentication with MSK work? Anything SASL based? Maybe we can make use of the options we support.

@jonatas-barbosa
Copy link

+1 I'm also interested in that. Here's the library that AWS provides for accessing its managed cluster using SASL and IAM - https://github.com/aws/aws-msk-iam-auth.

@birdayz
Copy link
Owner

birdayz commented May 20, 2022

Hm..i could not find a go library for it :(

https://github.com/aws/aws-msk-iam-auth/tree/main/src/main/java/software/amazon/msk/auth/iam/internals

It guess it would be possible to implement it. We support SASL, and SASL implementations should be pluggable.
If somebody is interested in doing an implementation, i would welcome this. It could live outside kaf, and we just integrate it here.

@birdayz
Copy link
Owner

birdayz commented Jun 1, 2022
edited
Loading

FYI:
there is go code for handling aws iam, on franz-go: https://github.com/twmb/franz-go/blob/master/pkg/sasl/aws/aws.go

we use sarama on kaf, but i think it should be possible to build a wrapper around this for use in kaf/sarama. However, i don't have the time for it - if somebody is interested, i'll be happy to accept a PR.

@bpaquet
Copy link

bpaquet commented Nov 17, 2022

Hello, I have a working version in this branch: https://github.com/bpaquet/kaf/tree/msk_iam

This cannot be merged, because this PR need to be merged before in Sarama.

But in the mean time, you can checkout the branch above, build and enjoy :)

@yermulnik
Copy link

Hm..i could not find a go library for it :(

FWIW: https://github.com/aws/aws-msk-iam-sasl-signer-go

@Dawnflash
Copy link
Contributor

Dawnflash commented Mar 11, 2024
edited
Loading

#313 addresses this

@Dawnflash Dawnflash mentioned this issue Mar 11, 2024
Merged
@benjefferies
Copy link

Top effort @Dawnflash. I was just starting to investigate a kaf yesterday and this was my first hurdle. In the middle of testing your fork but initial testing shows it's working well 👍

Thanks for your efforts!

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for the AWS_MSK_IAM SASL mechanism Dawnflash/kaf
7 participants
@bpaquet @yermulnik @brizzbuzz @Dawnflash @birdayz @benjefferies @jonatas-barbosa