Secure connectivity patterns for Amazon MSK Serverless cross-account access
Big Data Blog
This article discusses secure connectivity patterns for enabling cross-account access to Amazon MSK Serverless, a serverless Apache Kafka cluster on AWS.
Specifically, the article covers:
- How MSK Serverless works and extends private connectivity to VPCs
- Requirements for cross-account access: private connectivity, authentication/authorization, and DNS resolution
- Two solution approaches for cross-account DNS resolution:
- Using private hosted zones
- Using Route 53 resolver rules and AWS Resource Access Manager
- Advantages and limitations of each approach
- Conclusion: MSK Serverless enables centralized Kafka clusters with cross-account access in a scalable and maintainable way
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jun 19
2025
2025
Secure access to a cross-account Amazon MSK cluster from Amazon MSK Connect using IAM authentication
Aug 7
2024
2024
AWS Glue mutual TLS authentication for Amazon MSK
Mar 30
2026
2026
Securely connect Kafka client applications to your Amazon MSK Serverless cluster from different VPCs and AWS accounts
Jun 2
2025
2025
Build a secure serverless streaming pipeline with Amazon MSK Serverless, Amazon EMR Serverless and IAM
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.