Secure access to a cross-account Amazon MSK cluster from Amazon MSK Connect using IAM authentication
Big Data Blog
This article explains how to securely access a cross-account Amazon MSK cluster from MSK Connect using IAM authentication. The key steps involve:
- Enabling multi-VPC private connectivity on the MSK cluster in Account A
- Configuring a cluster policy to allow cross-account connector access
- Creating an IAM role in Account B with appropriate permissions
- Setting up network connectivity between the accounts
- Creating an MSK connector using AWS CLI with specific configuration parameters
The solution demonstrates using an S3 Sink connector to stream data between a Kafka cluster in one account and an S3 bucket in another, with a focus on security and network connectivity.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Apr 21
2026
2026
Configure a custom domain name for your Amazon MSK cluster enabled with IAM authentication
Feb 13
2024
2024
Secure connectivity patterns for Amazon MSK Serverless cross-account access
Sep 24
2024
2024
Multi-VPC private connectivity is now supported for Amazon MSK clusters configured with any authentication mechanism
Mar 16
2026
2026
Securely connect Kafka clients running outside AWS to Amazon MSK with IAM Roles Anywhere
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.