https://docs.kafka-ui.provectus.io/faq/common-problems#aws-msk-w-iam-access-denied
Issue resolved: after giving more specific kafka-cluster permissions to the policy. https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#create-iam-access-control-policies
I am trying to configure the UI to connect to an MSK instance.
XXX.us-west-2.compute.amazonaws.com:8080/ui/clusters/create-new-cluster
I instantiated the AWS marketplace kafka UI instance. It is assigned an IAM role that has permissions to connect to the kafka cluster and I have verified by logging in to the kafka UI instance that it has connectivity to the kafka cluster by way of the IAM role.
On the configuration UI, I have selected
Authentication Method: SASL/AWS IAM
Security Protocol: SASL/SSL
AWS Profile Name: OR default (second try)
When I press "Validate" it says
Kafka Cluster
Error connecting to cluster. See logs for details.
I don't see logs anywhere. I searched everywhere on the kafka UI instance as well.
The security group attached to the publicly accessible kafka cluster gives inbound to 9000-9200 port range from outside.
What am I doing wrong? Do I need to explicitly configure AWS credentials on the kafka UI instance and provide a profile?
-- The error log now says that the SASL Auth failed for 'access denied': Jul 11 16:15:41 XXX.us-west-2.compute.internal java[14828]: org.apache.kafka.common.errors.SaslAuthenticationException: [UUID]: Access denied. So, now it's clear that connectivity is not the issue, but the SASL/IAM config is. Possibly an issue with the attached policy, but it couldn't be because the manually configured user's credentials pertain to an admin user. Is there a policy json someone can share that gives the requisite access to the IAM user that the kafka-ui app is using to connect to the kafka cluster?
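The resolution in this thread was a policy that names `kafka-cluster` permissions explicitly. As an added example (not code from the thread or from kafka-ui), the checker below reports which `kafka-cluster` actions an IAM policy document fails to allow on the matching MSK resource type. The `REQUIRED` set, the function names and the sample policies are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Assumption: actions a client needs to connect and browse topics and consumer
# groups, keyed to the MSK resource type each one must be granted on.
REQUIRED = {
    "kafka-cluster:Connect": "cluster",
    "kafka-cluster:DescribeCluster": "cluster",
    "kafka-cluster:DescribeTopic": "topic",
    "kafka-cluster:ReadData": "topic",
    "kafka-cluster:DescribeGroup": "group",
    "kafka-cluster:AlterGroup": "group",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def resource_type(arn):
    """'arn:aws:kafka:region:acct:topic/cluster/uuid/name' -> 'topic'."""
    if arn == "*":
        return "*"
    parts = arn.split(":", 5)
    return parts[5].split("/", 1)[0] if len(parts) == 6 else ""

def missing_actions(policy):
    """Return required actions the policy does not effectively allow.
    Simplified: ignores NotAction, NotResource and Condition blocks."""
    granted, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        types = {resource_type(r) for r in _as_list(stmt.get("Resource", []))}
        for action, rtype in REQUIRED.items():
            named = any(fnmatchcase(action.lower(), p) for p in patterns)
            if named and types & {rtype, "*"}:  # right action on right resource type
                (granted if stmt.get("Effect") == "Allow" else denied).add(action)
    return sorted(set(REQUIRED) - (granted - denied))

# Constructed sample policies (placeholder account id and cluster name).
ARN = "arn:aws:kafka:us-west-2:111122223333:"
CONTROL_PLANE_ONLY = {"Statement": [
    {"Effect": "Allow", "Action": "kafka:*", "Resource": "*"}]}
PARTIAL = {"Statement": [
    {"Effect": "Allow", "Resource": ARN + "cluster/demo/*",
     "Action": ["kafka-cluster:Connect", "kafka-cluster:DescribeCluster"]},
    {"Effect": "Allow", "Resource": ARN + "topic/demo/*",
     "Action": ["kafka-cluster:DescribeTopic", "kafka-cluster:ReadData"]},
    {"Effect": "Allow", "Resource": ARN + "group/demo/*",
     "Action": "kafka-cluster:DescribeGroup"}]}

if __name__ == "__main__":
    print(missing_actions(CONTROL_PLANE_ONLY), missing_actions(PARTIAL))
```

A policy that grants only `kafka:*` (the MSK management API) comes back with every `kafka-cluster` action missing, because the two action prefixes are distinct.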