
I have an MSK cluster and I am not able to connect to it via an EC2 host in the same VPC. Here are my settings:

  1. Security group applied to EC2 (outbound)
  2. Security group applied to MSK (inbound)
  3. The EC2 instance profile role has the AmazonMSKFullAccess profile attached to it

Am I missing anything? I can't seem to figure it out from the docs. Another interesting thing I noticed is that if I put another egress rule in the EC2 security group for 0.0.0.0/0, it works.

The command I am using:

aws kafka describe-cluster --region <region> --cluster-arn <cluster-arn>
prats
  • Will you please edit the question by adding the security group info of both the EC2 instance and the MSK cluster? In that table, instead of writing/masking IPs, please provide the IP information. – Achyut Vyas Sep 05 '20 at 06:03

1 Answer


The command that you use:

aws kafka describe-cluster --region --cluster-arn 

is to connect to the MSK service endpoint, which is public and requires internet access. Thus if you don't have an egress rule of 0.0.0.0/0, your command fails. When you enable `0.0.0.0/0`, it works as the command can access the service endpoint.

And the security groups you specified are to enable Kafka native command line tools to connect to the cluster, not to the MSK service endpoint.

Marcin
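The distinction the answer draws is between two different destinations: the broker ENIs inside the VPC (reached on the Kafka listener ports) and the public MSK API endpoint (reached over HTTPS). The following is an added example, not code from the thread or from AWS, that models security-group egress rules as an allow-list and checks which of those two destinations a given rule set permits. It generalizes beyond the question to any rule set and destination. Everything in it is constructed: the VPC range 10.0.0.0/16, the broker address, the listener port range 9092-9098, and the TEST-NET address 203.0.113.10 standing in for the regional API endpoint are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class EgressRule:
    """One security-group egress rule. protocol "-1" means all protocols and ports."""
    protocol: str
    from_port: int
    to_port: int
    cidr: str


def rule_allows(rule: EgressRule, dst_ip: str, dst_port: int, protocol: str = "tcp") -> bool:
    """True if this single rule permits traffic to dst_ip:dst_port over protocol."""
    if rule.protocol != "-1":
        if rule.protocol != protocol:
            return False
        if not (rule.from_port <= dst_port <= rule.to_port):
            return False
    network = ipaddress.ip_network(rule.cidr, strict=False)
    return ipaddress.ip_address(dst_ip) in network


def allows(rules: Iterable[EgressRule], dst_ip: str, dst_port: int, protocol: str = "tcp") -> bool:
    """Security groups are allow-lists: traffic is permitted if any rule matches."""
    return any(rule_allows(r, dst_ip, dst_port, protocol) for r in rules)


# --- Constructed scenario (placeholder addresses, not real AWS ones) ---
VPC_CIDR = "10.0.0.0/16"                 # assumed VPC range
BROKER = ("10.0.1.25", 9094)             # assumed broker ENI inside the VPC, TLS listener port
API_ENDPOINT = ("203.0.113.10", 443)     # placeholder for the public MSK API endpoint (HTTPS)

# Egress rules as the question describes them: brokers reachable, nothing else.
BROKER_ONLY = [EgressRule("tcp", 9092, 9098, VPC_CIDR)]
# What the asker added to make it work: all traffic to anywhere.
WIDE_OPEN = BROKER_ONLY + [EgressRule("-1", 0, 65535, "0.0.0.0/0")]
# Narrower alternative: only HTTPS outbound, which is all the AWS API call needs.
HTTPS_ONLY = BROKER_ONLY + [EgressRule("tcp", 443, 443, "0.0.0.0/0")]


def reachability(rules: Iterable[EgressRule]) -> dict:
    """Summarise which of the two destinations a rule set permits."""
    rules = list(rules)
    return {
        "broker": allows(rules, *BROKER),
        "api_endpoint": allows(rules, *API_ENDPOINT),
    }


if __name__ == "__main__":
    for name, rules in (("BROKER_ONLY", BROKER_ONLY),
                        ("WIDE_OPEN", WIDE_OPEN),
                        ("HTTPS_ONLY", HTTPS_ONLY)):
        print(f"{name:12s} -> {reachability(rules)}")
```

Running it shows BROKER_ONLY reaching the broker but not the API endpoint, which is exactly the failure in the question, and that an "all traffic" rule is not needed to fix it: TCP 443 outbound is enough for the CLI, and because security groups are stateful the responses come back without an inbound rule. If the instance should have no internet egress at all, the remaining options are a NAT gateway in a private subnet or, where AWS offers it for the MSK API in your region, an interface VPC endpoint, so that port 443 can be scoped to the endpoint's security group instead of 0.0.0.0/0.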