Use AMS Self-Service Provisioning (SSP) mode to access Amazon Managed Streaming for Apache Kafka (Amazon MSK) capabilities directly in your AMS managed account. Amazon MSK is a fully managed AWS streaming data service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data, without needing to become an expert in operating Apache Kafka clusters. Amazon MSK manages the provisioning, configuration, and maintenance of Apache Kafka clusters and Apache ZooKeeper nodes for you. Amazon MSK also shows key Apache Kafka performance metrics in the AWS Console.
Amazon MSK provides multiple levels of security for your Apache Kafka clusters, including VPC network isolation, AWS IAM for control-plane API authorization, encryption at rest, TLS encryption in transit, TLS-based certificate authentication, and SASL/SCRAM authentication secured by AWS Secrets Manager.
To learn more, see Amazon MSK
Amazon MSK in AWS Managed Services FAQs
Common questions and answers:
Q: How do I request access to Amazon MSK in my AMS account?
Request access by submitting a Management | AWS service | Self-provisioned service | Add (review required) (ct-3qe6io8t6jtny) change type. This RFC provisions the following IAM policies and role to your account:
customer-msk-admin-policy.json
AmazonMSKFullAccess
customer-msk-admin-role.json
Once the role is provisioned in your account, you must onboard it in your federation solution.
Q: What are the restrictions to using Amazon MSK?
For Amazon MSK to deliver broker logs to the destinations that you configure, ensure that the AmazonMSKFullAccess policy is attached to your IAM role. The access-request RFC provisions this policy, so full access permissions are already in place.
Q: What are the prerequisites or dependencies to using Amazon MSK?
Before creating your MSK cluster, you must have a VPC and subnets within that VPC. By default, AMS provides these as part of default AMS VPC creation.
To learn about the limitations of Amazon MSK, refer to Amazon MSK Limits.