Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Apache License 2.0
142
stars
65
forks
source link
Support for external id for role-based authentication #108
There's currently no support for specifying an external id when authenticating with a role ARN, so if the role's trust relationship requires an external id, attempting to authenticating to the MSK cluster would cause the following error.
Caused by com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: <role> is not authorized to perform: sts:AssumeRole on resource: <resource> (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: <request-id>; Proxy: null)
There's currently no support for specifying an external id when authenticating with a role ARN, so if the role's trust relationship requires an external id, attempting to authenticating to the MSK cluster would cause the following error.
Caused by com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: <role> is not authorized to perform: sts:AssumeRole on resource: <resource> (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: <request-id>; Proxy: null)