We have 3 different how-tos for Zilla Plus (Public MSK Proxy):
Development
Production
Production (Mutual Trust)
The Production (Mutual Trust) how-to illustrates using TLS client certificates for client authentication, but the Production how-to illustrates unauthenticated access via TLS.
Let's modify the Production how-to to use SASL/SCRAM authentication end-to-end via Zilla Plus (Public MSK Proxy) as this is a common use case when the Kafka client is not using TLS client certificates for authentication.
Changes needed include:
Configure MSK cluster for SASL/SCRAM authentication
note: uses port 9096 (sasl), not port 9094 (tls)
applies to all ports in how-to, including command line to test via Kafka client
Create AmazonMSK_alice secret with value alice-secret using non-default encryption key
AmazonMSK_alice secret with MSK cluster (requires secret uses non-default encryption key)
client.properties to use SASL/SCRAM and authenticate as alice
AmazonMSK_alice secret value (plaintext)
client.properties
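A `client.properties` for the SASL/SCRAM change listed above, as an added example that is not taken from the how-to itself. It assumes user `alice` with password `alice-secret` and the `SCRAM-SHA-512` mechanism that MSK uses for SASL/SCRAM; the commented-out `SSL` line is an assumption about what the existing Production file contains.

```properties
# Added example, not from the how-to.

# Assumed existing Production setting (TLS only, no client authentication):
# security.protocol=SSL

# SASL/SCRAM over TLS. The bootstrap server passed on the Kafka client
# command line must use port 9096 (sasl) instead of port 9094 (tls).
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512

# Credentials match the AmazonMSK_alice secret. The password is stored here
# in plaintext, so keep this file readable only by the account running the client.
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
  username="alice" \
  password="alice-secret";
```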