Open christrt9 opened 9 months ago
Hello there r00t9! 👋
Thank you and congratulations 🎉 for opening your very first issue in this project! 💖
In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀
The way I did this is that I attached the role (instance profile) to EC2 directly, and not SASL_JAAS_CONFIG. Then test thru CLI that you can access Msk. If this works then you role is correct. Otherwise you issues with role.
Then run the kafka ui docker.. And it works fine. The following is what I added to docker file
#
# For MSK IAM authentication
#
kafka.clusters.0.properties.security.protocol: SASL_SSL
kafka.clusters.0.properties.sasl.mechanism: AWS_MSK_IAM
kafka.clusters.0.properties.sasl.client.callback.handler.class: software.amazon.msk.auth.iam.IAMClientCallbackHandler
kafka.clusters.0.properties.sasl.jaas.config: software.amazon.msk.auth.iam.IAMLoginModule required;
#
# For MSK TLS
#
kafka.clusters.0.properties.ssl.truststore.location: /some-folder/kafka.client.truststore.jks
kafka.clusters.0.properties.ssl.truststore.password: changeit
@kothapet How did you test access to MSK through CLI? Can you pls provide your commands? I'm using ECS and Fargate tasks to run my UI, and using a MSK cluster, but I'm having issues where the UI isn't retriving complete cluster details, and I suspect connectivity issues. Can you please provide some more info on how you tested access to MSK?
@Janhavi-Shinde follow the documentation on AWS MSK developer guide. https://docs.aws.amazon.com/msk/latest/developerguide/getting-started.html. step 1-4. If you are using IAM make sure setup the roles correctly and check your Security groups. If you are using some other authentication look at the security authentication and authorization sections.
@kothapet I followed that same guide to create a provisioned cluster (also created a serverless cluster but I'm trying to connect the provisioned one right now). I've checked the IAM role I am using has very liberal access (e.g kafka-cluster:* and is applied to all my clusters), my security group has sufficient access inbound and outbound, and the UI and MSK cluster is within the same VPC and Subnets also.
Issue submitter TODO list
master
-labeled docker image and the issue still persists thereDescribe the bug (actual behavior)
I run kafka-ui in EC2 with IAM Role but is not working
Expected behavior
with with role.
Your installation details
EC2 with docker container version: latest and APP version: https://github.com/provectus/kafka-ui/commit/56fa824
I have this value in docker-compose
Policy:
Steps to reproduce
Try with IAM Role and this config
Screenshots
No response
Logs
No response
Additional context
No response