When you have a Kafka cluster in AWS MSK with IAM auth, there will be situations where you need to interact with its CLI to view the resources or for troubleshooting. During authentication, you should pass a properties file containing auth parameters.
This bash script will set up the Kafka CLI to connect to the MSK cluster.
#!/bin/bash
# variables
BROKER_ENDPOINT=$MSK_ENDPOINT
KAFKA_VERSION=3.8.1
BINARY_VERSION=2.13
IAM_AUTH_CLI_VERSION=2.13.1
# Download Kafka Binary
wget https://archive.apache.org/dist/kafka/$KAFKA_VERSION/kafka_$BINARY_VERSION-$KAFKA_VERSION.tgz
tar -zxvf kafka_$BINARY_VERSION-$KAFKA_VERSION.tgz
cd kafka_$BINARY_VERSION-$KAFKA_VERSION
cd libs/
# Download AWS MSK IAM CLI
wget https://github.com/aws/aws-msk-iam-auth/releases/download/v$BINARY_VERSION/aws-msk-iam-auth-$IAM_AUTH_CLI_VERSION-all.jar
cd ../bin/
# AWS IAM Auth file
cat <<EOF> client.properties
security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.IAMLoginModule required;
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
EOF
Test
cd kafka_$IAM_AUTH_CLI_VERSION-$KAFKA_VERSION/bin
./kafka-topics.sh --bootstrap-server $BROKER_ENDPOINT --command-config client.properties --list