DEV Community

AWS MSK IAM Authentication CLI commands

When you have a Kafka cluster in AWS MSK with IAM auth, there will be situations where you need to interact with its CLI to view the resources or for troubleshooting. During authentication, you should pass a properties file containing auth parameters.

This bash script will set up the Kafka CLI to connect to the MSK cluster.

#!/bin/bash

# variables
BROKER_ENDPOINT=$MSK_ENDPOINT
KAFKA_VERSION=3.8.1
BINARY_VERSION=2.13
IAM_AUTH_CLI_VERSION=2.13.1

# Download Kafka Binary
wget https://archive.apache.org/dist/kafka/$KAFKA_VERSION/kafka_$BINARY_VERSION-$KAFKA_VERSION.tgz
tar -zxvf kafka_$BINARY_VERSION-$KAFKA_VERSION.tgz
cd kafka_$BINARY_VERSION-$KAFKA_VERSION
cd libs/

# Download AWS MSK IAM CLI
wget https://github.com/aws/aws-msk-iam-auth/releases/download/v$BINARY_VERSION/aws-msk-iam-auth-$IAM_AUTH_CLI_VERSION-all.jar
cd ../bin/

# AWS IAM Auth file 
cat <<EOF> client.properties
security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.IAMLoginModule required;
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
EOF
Enter fullscreen mode Exit fullscreen mode

Test

cd kafka_$IAM_AUTH_CLI_VERSION-$KAFKA_VERSION/bin
./kafka-topics.sh --bootstrap-server $BROKER_ENDPOINT --command-config client.properties --list
Enter fullscreen mode Exit fullscreen mode

Top comments (0)