aws / aws-msk-iam-auth

Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Apache License 2.0

Auth error while an application hosted in an OpenShift ROSA pod tries to access AWS MSK #159

Open rajarshp opened 3 months ago

rajarshp commented 3 months ago

Hi Team,

We were doing a POC to see whether kafka-UI (https://github.com/provectus/kafka-ui), deployed in an OpenShift ROSA pod, can connect to MSK or not.

We have configured an IAM role and attached the required policies to both the ROSA node and MSK. We have used the below config for this connection:

security.protocol = SASL_SSL
sasl.mechanism = AWS_MSK_IAM
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler

We have done all the configuration, but the application is failing with the below error:

Caused by: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [com.amazonaws.auth.AWSCredentialsProviderChain@663b8b0b: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, software.amazon.msk.auth.iam.internals.EnhancedProfileCredentialsProvider@4210c4cc: Profile file contained no credentials for profile 'default': ProfileFile(profilesAndSectionsMap=[]), com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@69e7ea6: Failed to connect to service endpoint: ]]

But when we install the Kafka client on the node and try to create a topic with the same config/role, it is able to do so.

Could you please let me know what the issue is? Is it impacted by the pod identity issue which is not supported by SDK v1?
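The stack trace above is the SDK v1 default provider chain failing link by link: no static keys in the environment or system properties, no web-identity role (AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE not injected into the pod), no profile file, and no route to the metadata endpoint. That last link is why the same role works from the node but not from the pod: a client run on the node reaches the instance role through IMDS, while a pod that cannot reach 169.254.169.254 gets "Failed to connect to service endpoint". The diagnostic below is an added example, not code from aws-msk-iam-auth or kafka-ui; it checks the same sources in the same order from inside the pod and reports the first one that could supply credentials. Variable names are the standard AWS SDK ones; the IMDS probe is kept separate because it needs network access.

```shell
#!/bin/sh
# Added diagnostic (not part of aws-msk-iam-auth): walk the credential
# sources from the stack trace in the order the SDK v1 chain tries them
# and name the first one whose inputs exist in this pod.

# Echoes the first usable source, or "none" (exit status 1).
first_credential_source() {
    # 1. EnvironmentVariableCredentialsProvider: static keys in the environment
    if [ -n "${AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY}" ] && \
       [ -n "${AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_KEY}" ]; then
        echo "EnvironmentVariable"; return 0
    fi
    # 2. WebIdentityTokenCredentialsProvider: the role ARN and projected
    #    service-account token that IRSA / OpenShift STS injects into a pod.
    #    "You must specify a value for roleArn" means these are absent.
    if [ -n "$AWS_ROLE_ARN" ] && [ -n "$AWS_WEB_IDENTITY_TOKEN_FILE" ] && \
       [ -r "$AWS_WEB_IDENTITY_TOKEN_FILE" ]; then
        echo "WebIdentityToken"; return 0
    fi
    # 3. Profile file: a [profile] section in the shared credentials file
    profile_file="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    profile="${AWS_PROFILE:-default}"
    if [ -r "$profile_file" ] && grep -q "^\[$profile\]" "$profile_file"; then
        echo "ProfileFile"; return 0
    fi
    # 4. Container credentials endpoint (ECS task role / pod identity agent)
    if [ -n "$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ] || \
       [ -n "$AWS_CONTAINER_CREDENTIALS_FULL_URI" ]; then
        echo "ContainerCredentials"; return 0
    fi
    echo "none"; return 1
}

# 5. Instance profile via IMDSv2. Returns non-zero when the pod network
#    cannot reach the endpoint within 2 seconds, which is the
#    "Failed to connect to service endpoint" case in the trace.
imds_reachable() {
    curl -s --max-time 2 -X PUT "http://169.254.169.254/latest/api/token" \
         -H "X-aws-ec2-metadata-token-ttl-seconds: 60" >/dev/null 2>&1
}

# Stand-alone run: report what this pod can use.
src=$(first_credential_source) || true
echo "first usable credential source: $src"
if [ "$src" = "none" ]; then
    if imds_reachable; then
        echo "IMDS reachable: the node's instance role would be used"
    else
        echo "IMDS unreachable: no credentials available to this pod"
    fi
fi
```

Run it with `oc exec` (or `kubectl exec`) in the kafka-ui pod. If it prints "none" and IMDS is unreachable, the pod has no identity of its own and the node role cannot help it; the fix is to give the pod a web identity (a service account annotated with a role, so that AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE appear) rather than to widen access to the node role. For narrowing down provider behaviour from inside the library, the project README documents the JAAS option awsDebugCreds="true", which logs which provider supplied the credentials.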