Posted On: May 7, 2023

Amazon Managed Streaming for Apache Kafka (MSK) now offers two new features, multi-VPC private connectivity and cluster policy support for Amazon MSK clusters, that simplify connectivity and access between your Apache Kafka clients hosted in different VPCs and Amazon Web Services accounts and your Amazon MSK clusters.

We are launching multi-VPC private connectivity (powered by Amazon PrivateLink) that allows you to easily establish cross-VPC and cross-account connectivity between your Apache Kafka clients and your Amazon MSK cluster, while keeping all traffic within the Amazon Web Services China Network. You can selectively turn on multi-VPC private connectivity with a few clicks for one or more authentication modes on your cluster. IAM, SASL SCRAM and mutual TLS authentication modes are supported for multi-VPC private connectivity. Apache Kafka clients can then connect privately to the cluster by using Amazon MSK to create Amazon PrivateLink endpoints.

We are also launching support for defining cluster policies for Amazon MSK clusters. This capability allows you to easily set up the permissions needed for Apache Kafka clients to privately connect to an MSK cluster in a different account. Simply define the cluster policy to give the cross-account Amazon IAM principals associated with your Apache Kafka clients the required permissions to set up private connectivity to your Amazon MSK cluster. You can also use cluster policies in conjunction with IAM client authentication to granularly define your clients’ permissions for specific Apache Kafka APIs and resources.

Multi-VPC private connectivity is available with pay-as-you-go pricing and is supported in both the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn how to get started with multi-VPC private connectivity and cluster policies, visit our Amazon MSK Developer Guide.

Amazon MSK is a fully managed service for Apache Kafka and Kafka Connect that makes it easy for you to build and run applications that use Apache Kafka as a data store. Amazon MSK is fully compatible with Apache Kafka, which enables you to quickly migrate your existing Apache Kafka workloads to Amazon MSK with confidence or build new ones from scratch. With Amazon MSK, you spend more time building innovative applications and less time managing clusters.