Posted On: Sep 17, 2021
Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports the simultaneous use of multiple authentication modes and updates to encryption-in-transit settings for Amazon MSK clusters. These features allow you to migrate your clients seamlessly from one authentication mode to another and update encryption settings to match those changes.
With this launch, you can now activate any combination of authentication modes (mutual TLS, SASL SCRAM, or IAM Access Control) on new or existing clusters, which is useful if you are migrating to a new authentication mode or need to run multiple authentication modes simultaneously. You also have the flexibility to update TLS encryption settings for data moving between clients and brokers to ensure that your encryption settings can evolve with your requirements. Additionally, you can update the Private Security Authority recognized by the cluster that can be used to sign certificates for mutual TLS authentication.
Amazon MSK supports IAM Access Control, mutual TLS, and SASL/SCRAM as authentication modes. The ability to update authentication and TLS encryption is available in all regions where Amazon MSK is available, including the Amazon Web Services China (Beijing) Region, operated by Sinnet and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more about these features or how to migrate clients to new authentication modes, visit Amazon MSK’s user documentation.