Amazon MSK now supports mutual TLS authentication in Amazon Web Services China regions
Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports mutual Transport Layer Security (mTLS) authentication in the Amazon Web Services China regions. This feature provides security by enabling two-way authentication between a client and broker, ensuring that both parties verify each other’s identity. With mTLS, both a client and Amazon MSK broker can authenticate using valid certificates issued by Amazon Private Certificate Authority (CA) during the TLS handshake. mTLS authentication is now available in the Amazon Web Services China (Beijing) region, operated by Sinnet, and the Amazon Web Services China (Ningxia) region, operated by NWCD.
To get started with mTLS authentication, you can create new MSK clusters with mTLS authentication enabled or configure existing clusters to support mTLS, through the Amazon Web Services Management Console, Amazon CLI, or Amazon SDKs. To learn more, refer to the Amazon MSK Developer Guide.