We have 3 different how-tos for Zilla Plus (Public MSK Proxy)
Development
Production
Production (Mutual Trust)
The Production (Mutual Trust) how-to illustrates using TLS client certificates for client authentication, but the Production how-to illustrates unauthenticated access via TLS.
Let's modify the Production how-to to use SASL/SCRAM authentication end-to-end via Zilla Plus (Public MSK Proxy) as this is a common use case when the Kafka client is not using TLS client certificates for authentication.
Changes needed include
Configure MSK cluster for SASL/SCRAM authentication
note: uses port 9096 (sasl), not port 9094 (tls)
applies to all ports in how-to, including command line to test via Kafka client
Create AmazonMSK_alice secret with value alice-secret using non-default encryption key
We have 3 different how-tos for
Zilla Plus (Public MSK Proxy)DevelopmentProductionProduction (Mutual Trust)The
Production (Mutual Trust)how-to illustrates using TLS client certificates for client authentication, but theProductionhow-to illustrates unauthenticated access via TLS.Let's modify the
Productionhow-to to useSASL/SCRAMauthentication end-to-end viaZilla Plus (Public MSK Proxy)as this is a common use case when the Kafka client is not using TLS client certificates for authentication.Changes needed include
SASL/SCRAMauthenticationAmazonMSK_alicesecret with valuealice-secretusing non-default encryption keyAmazonMSK_alicesecret with MSK cluster (requires secret uses non-default encryption key)client.propertiesto useSASL/SCRAMand authenticate asaliceAmazonMSK_alicesecret value (plaintext)client.properties