Amazon multi-VPC private connectivity for Amazon MSK
Amazon multi-VPC private connectivity for Amazon Managed Streaming for Apache Kafka (Amazon MSK) allows you to establish private connectivity to an Amazon MSK cluster from different Virtual Private Clouds (VPCs) and AWS accounts over AWS PrivateLink.
You can use multi-VPC private connectivity to connect Imply Polaris to your Amazon MSK cluster from inside the AWS network.
All traffic that flows through AWS PrivateLink will incur interface endpoint expenses. For information on interface endpoint pricing, see AWS PrivateLink pricing.
Prerequisites
Before you proceed, ensure you have the following:
- An Amazon MSK cluster that meets AWS requirements for running multi-VPC private connectivity.
- The cluster must be in an ACTIVE state and in the same region as your Polaris project.
- You need to configure AWS PrivateLink connectivity and select authentication schemes to control access to the cluster. If you are using the SASL/SCRAM authentication scheme, you must enable Apache Kafka access control lists (ACLs) for your Amazon MSK cluster and set the `allow.everyone.if.no.acl.found` property to `false`.
- The 12-digit AWS account ID associated with Polaris. Contact your Polaris account representative to obtain the necessary AWS account ID.
Set up multi-VPC private connectivity
The following are the high-level steps to privately connect the Polaris VPC to the Amazon MSK cluster using multi-VPC private connectivity:
- Enable the multi-VPC private connectivity feature for any auth schemes that will be active on your Amazon MSK cluster. For more information, refer to the official AWS documentation.
- Attach a cluster policy to the Amazon MSK cluster. The cluster policy grants Polaris permission to access your Amazon MSK cluster. When editing the cluster policy, enter the AWS account ID associated with Polaris in the designated account ID field. For more information, refer to the official AWS documentation.
- After you update the configuration settings on the Amazon MSK cluster, contact your Polaris account representative with the following information to configure the connection on the Polaris side:
  - Cluster ARN: The Amazon Resource Name (ARN) of the Amazon MSK cluster.
  - Authentication type: The authentication method for Polaris to establish a connection with the Amazon MSK cluster.
  - AZ IDs: The Availability Zone IDs of the Amazon MSK cluster.
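The following added example (not part of the Polaris or AWS documentation) checks the prerequisites above before you hand the details to Polaris, and builds a cluster policy scoped to a single principal and a single cluster. The function names are hypothetical, the action list is an assumption taken from the basic cluster policy in AWS's MSK documentation, and the ARN and account IDs are constructed sample values.

```python
import json
import re

# Actions of the basic multi-VPC cluster policy as given in AWS's MSK
# documentation (assumption: the page itself does not list them).
POLICY_ACTIONS = ["kafka:CreateVpcConnection", "kafka:GetBootstrapBrokers",
                  "kafka:DescribeCluster", "kafka:DescribeClusterV2"]
ARN_RE = re.compile(r"^arn:aws:kafka:([a-z0-9-]+):([0-9]{12}):cluster/[^/]+/[^/]+$")


def preflight(cluster_arn, cluster_state, polaris_region, polaris_account_id,
              auth_type, broker_props):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    m = ARN_RE.match(cluster_arn)
    if not m:
        problems.append("cluster ARN is not a well-formed MSK cluster ARN")
    elif m.group(1) != polaris_region:
        problems.append(f"cluster is in {m.group(1)}, Polaris project is in {polaris_region}")
    if cluster_state != "ACTIVE":
        problems.append(f"cluster state is {cluster_state}, expected ACTIVE")
    if not re.fullmatch(r"[0-9]{12}", polaris_account_id):
        problems.append("Polaris AWS account ID must be exactly 12 digits")
    if auth_type.upper() == "SASL/SCRAM":
        # An unset property counts as a failure: it must be explicitly false.
        value = broker_props.get("allow.everyone.if.no.acl.found")
        if str(value).lower() != "false":
            problems.append("allow.everyone.if.no.acl.found must be false for SASL/SCRAM")
    return problems


def build_cluster_policy(cluster_arn, polaris_account_id):
    """Build a policy for one principal and one cluster, with no wildcards."""
    statement = {"Effect": "Allow",
                 "Principal": {"AWS": [polaris_account_id]},
                 "Action": POLICY_ACTIONS,
                 "Resource": cluster_arn}
    return {"Version": "2012-10-17", "Statement": [statement]}


if __name__ == "__main__":
    # Constructed sample values, not real resources.
    arn = ("arn:aws:kafka:us-east-1:111122223333:cluster/example/"
           "00000000-0000-0000-0000-000000000000-1")
    props = {"allow.everyone.if.no.acl.found": "true"}
    print(preflight(arn, "ACTIVE", "us-east-1", "444455556666", "SASL/SCRAM", props))
    print(json.dumps(build_cluster_policy(arn, "444455556666"), indent=2))
```

Review the generated JSON before attaching it to the cluster, and replace the sample account ID with the one your Polaris account representative provides.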
Learn more
See the following topics for more information: