Securely connect Kafka client applications to your Amazon MSK Serverless cluster from different VPCs and AWS accounts
Big Data Blog
This article explains how to securely connect Kafka clients to Amazon MSK Serverless clusters across different VPCs and AWS accounts using Aklivity Zilla Plus.
- Zilla Plus acts as a stateless Kafka-native edge proxy for cross-VPC and cross-account access
- Uses AWS PrivateLink, NLBs, and custom domain names with ACM wildcard certificates
- Kafka clients connect via a custom domain (e.g., boot.my.custom.domain) instead of AWS-generated addresses
- Zilla Plus intercepts and rewrites broker metadata responses for transparent client routing
- Supports multiple MSK Serverless clusters with separate Route 53 DNS entries per cluster
- On-premises clients can connect through AWS Client VPN integration
- No configuration changes are required to the MSK Serverless cluster itself
- Enforces fine-grained IAM authorization for topics and consumer groups
Zilla Plus enables seamless, secure cross-account and cross-VPC access to MSK Serverless clusters with custom domain support, without impacting existing direct client connections.
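The fine-grained IAM authorization for topics and consumer groups listed above, as an added example that is not from the original article or from Aklivity: it builds a consume-only policy from the `kafka-cluster:` IAM actions and flags statements that fall back to wildcards. The region, account ID, cluster name, cluster UUID, topic and group names are constructed placeholders, and `consumer_policy` and `findings` are hypothetical helper names.

```python
import json

# Constructed placeholders (assumptions): region, account ID, cluster name, cluster UUID.
PREFIX = "arn:aws:kafka:us-east-1:111122223333"
SUFFIX = "example-cluster/CLUSTER-UUID"

def consumer_policy(topic, group):
    """Least-privilege policy for a client that only consumes `topic` as `group`."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["kafka-cluster:Connect"],
             "Resource": [f"{PREFIX}:cluster/{SUFFIX}"]},
            {"Effect": "Allow",
             "Action": ["kafka-cluster:DescribeTopic", "kafka-cluster:ReadData"],
             "Resource": [f"{PREFIX}:topic/{SUFFIX}/{topic}"]},
            {"Effect": "Allow",
             "Action": ["kafka-cluster:DescribeGroup", "kafka-cluster:AlterGroup"],
             "Resource": [f"{PREFIX}:group/{SUFFIX}/{group}"]},
        ],
    }

# Constructed over-broad policy, shown for contrast with the scoped one above.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "kafka-cluster:*", "Resource": "*"}],
}

def as_list(value):
    # IAM allows Action/Resource/Statement to be a single value or a list.
    return value if isinstance(value, list) else [value]

def findings(policy):
    """Return (statement index, reason) for each Allow statement that is not fine-grained."""
    out = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action in ("*", "kafka-cluster:*"):
                out.append((i, f"wildcard action {action}"))
        for res in as_list(stmt.get("Resource", [])):
            # The last ARN segment names the topic or group; '*' there spans all of them.
            if res == "*" or res.endswith("/*"):
                out.append((i, f"wildcard resource {res}"))
    return out

if __name__ == "__main__":
    print(json.dumps(consumer_policy("orders", "orders-readers"), indent=2))
    print(findings(BROAD_POLICY))
```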